/dev/random
Ben Laurie
ben at links.org
Tue Aug 21 08:55:02 UTC 2012
On Mon, Aug 20, 2012 at 11:55 PM, Peter Jeremy <peter at rulingia.com> wrote:
> On 2012-Aug-20 23:05:39 +0100, Ben Laurie <ben at links.org> wrote:
>>It is relevant because it seems there is entropy available in
>>fine-grained timing.
>
> Part of the entropy harvested at each of the sampling points is
> the CPU cycle counter (e.g. TSC). It's difficult to see what
> finer-grained timing you expect to be used.
In the wake of https://factorable.net/weakkeys12.conference.pdf, I'm
wondering how well we do on entropy-starved devices. The thing that
worries me about TSC is that multiple identical devices may get
similar values during initialisation (I don't know if they do; has
anyone studied this?). Skew between TSC and a real-time clock might be
useful (because ultimately the RTC relies on a clock that is not
synchronised with the CPU clock), but AFAICS we don't use the RTC to
provide randomness. I could be missing something, of course; I've only
recently started looking at this code.
More information about the freebsd-arch mailing list