User: Password:
Subscribe / Log in / New account

Appropriate sources of entropy

Appropriate sources of entropy

Posted May 25, 2008 13:39 UTC (Sun) by kleptog (subscriber, #1183)
In reply to: Appropriate sources of entropy by giraffedata
Parent article: Appropriate sources of entropy

This is something I don't quite understand. Yes, the packets might be registered at the
network card exactly N nanoseconds apart, but between the time that the packet is registered
by the card and when entropy might be added there is:

- Waiting for the PCI bus to be free to check the status of the card
- The CPU finding the code to run which may involve looking up page tables, pulling code out
which may be in any number of caches, each of which take an unpredicatable amount of time to
- The process of DMAing the data to main memory takes an unpredictable amount of time,
depending on the state of the DRAM.
- The busses are shared between various CPUs which are doing other things at the same time.
- The execution time of CPU instructions is affected by branch prediction logic and
instruction scheduling algorithms. Hyperthreading makes it worse.

And you're saying that at the end of this there's not even a single bit of entropy? If the
machine were otherwise completely idle I might understand it but if you just register lots of
dubious sources and use as entropy the time between different dubious sources I don't see how
it could be in any way predictable.

If I had any idea how to do it, I'd create a device that tried to extract entropy from the
timer interrupt and see if there is any correlation to be found...

(Log in to post comments)

Appropriate sources of entropy

Posted May 26, 2008 16:34 UTC (Mon) by aegl (guest, #37581) [Link]

"the time between different dubious sources"

Agree with most of what you've said here ... but I have to comment that Linux doesn't use the time delta between different interrupt sources. It keeps a per-IRQ history and computes delta-t based on the previous interrupt using the same IRQ (if multiple devices are sharing the same IRQ, then this will be a cross-device time, but generally people try to arrange that devices do not share IRQs).

I have no idea why Linux does this ... in some cases using deltas between different interrupt sources would provide some defense against an attacker who does have tight control over the packets on one or more interfaces.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds