Re: Concurrent access to /dev/urandom

From: Kyle Moffett
Date: Mon Nov 29 2004 - 23:15:59 EST


On Nov 29, 2004, at 21:31, David Schwartz wrote:
>> Especially when used on a box without any effective entropy source - like
>> practically most cheap servers stashed away into some rack.
>
> Assuming most of your cheap servers are running some version of the Intel
> Pentium or comparable, they have wonderful entropy sources. Nobody can
> predict the oscillator offset between the crystals in the network cards on
> both ends and the TSC. This entropy source is mined by the kernel.

Even timer interrupts are incredibly unpredictable. Instructions can take
variable times to complete, and all instructions plus some indeterminate
cache operations and queue flushing must occur before the CPU can
even begin to service an interrupt. Also of note, there are small critical
sections with interrupts disabled scattered all over the kernel and scheduler,
in addition to varying memory latencies, etc. (NOTE: I am not an arch expert
so this is all just a very general overview of the way most kinds of CPUs
handle interrupts). In general these unpredictable instabilities have a
randomization effect on the low bits of the TSC at each timer interrupt
(or arch equivalent). The same thing goes for most other such events. I
suspect that the computational power necessary to provide a useful model
of such a system would be so tremendous you would have an easier job
just trying all the possible cryptographic keys. :-D

Cheers,
Kyle Moffett

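A practitioner reading the above will want to check, rather than assume, how unpredictable the low bits of a counter actually are across timing events on a given box. The following is an added userspace example, not the kernel's own entropy code and not from either poster: it samples CLOCK_MONOTONIC (assumed as a portable stand-in for the TSC) after short sleeps and reports a crude min-entropy floor for the low bits.

```c
/* Added example (not the kernel's random.c): a userspace sanity check of the
 * claim that timing jitter randomizes a counter's low bits. Reads
 * CLOCK_MONOTONIC instead of rdtsc so it builds on any POSIX box. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#define MAX_LOW_BITS 8

/* Floor of the min-entropy (bits) of the lowest `low_bits` bits of each
 * sample: the largest k with most_common_count * 2^k <= n. It assumes
 * independent samples, so it is optimistic: good for catching a stuck or
 * dead source, not for crediting entropy. */
unsigned min_entropy_floor_bits(const uint64_t *samples, size_t n, unsigned low_bits)
{
    unsigned counts[1u << MAX_LOW_BITS] = {0};
    unsigned max_count = 0, k = 0;
    uint64_t mask;
    if (n == 0 || low_bits == 0 || low_bits > MAX_LOW_BITS)
        return 0;
    mask = (1ull << low_bits) - 1;
    for (size_t i = 0; i < n; i++) {
        unsigned v = (unsigned)(samples[i] & mask);
        if (++counts[v] > max_count)
            max_count = counts[v];
    }
    while (k < low_bits && ((uint64_t)max_count << (k + 1)) <= n)
        k++;
    return k;
}

/* Take n timestamps with a short sleep between them so that each sample is
 * separated by at least one timer/scheduler event; returns samples taken. */
size_t collect_timing_samples(uint64_t *out, size_t n)
{
    struct timespec ts, gap = { 0, 100000 }; /* 100 us */
    for (size_t i = 0; i < n; i++) {
        nanosleep(&gap, NULL);
        if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
            return i;
        out[i] = (uint64_t)ts.tv_nsec;
    }
    return n;
}
int main(void)
{
    uint64_t samples[256];
    size_t n = collect_timing_samples(samples, 256);
    for (unsigned b = 1; b <= MAX_LOW_BITS; b++)
        printf("low %u bit(s): >= %u bit(s) of min-entropy per sample\n",
               b, min_entropy_floor_bits(samples, n, b));
    return 0;
}
```

A source that reports 0 bits for the lowest bit is stuck or quantized (a coarse clock, a virtualized counter) and should not be trusted as an entropy input; a healthy source is expected to approach the bit width for the low bits, but this figure is an upper bound on what may be credited, not a measurement of true entropy.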