[147892] in cryptography@c2.net mail archive


Re: [Cryptography] My comments regarding using CPU jitter for

daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Oct 30 13:42:36 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 30 Oct 2013 19:22:19 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <r422Ps-1075i-63944B2FF6A4454084FFB33C4A1A00A2@Williams-MacBook-Pro.local>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 2013-10-30 13:47, Bill Frantz wrote:
> On 10/28/13 at 4:03 PM, tytso@mit.edu wrote:
>
>> Maybe someone can prove that there is more entropy because of some
>> instability between the oscillator used by the CPU clock and the one
>> used by the ethernet NIC, and so I'm being hopelessly
>> over-conservative.  Perhaps; but until we know for sure, using a
>> similar analysis to what I described above, I'd much rather be slow
>> than be potentially insecure.
>
> And in 5 years time, someone will build hardware that uses the same
> oscillator for both the CPU clock and the Ethernet NIC, doing to clock
> jitter entropy what solid state disks did to Don Davis' "Cryptographic
> randomness from air turbulence in disk drives" approach.

The TSC is a very fast, not very accurate clock.

It is hard to build a very accurate clock.  The TSC does not need to be 
a very accurate clock.  Therefore it will never be a very accurate clock.

Therefore, even if the adversary has perfect knowledge of the exact 
details of every interrupt and the exact time of every interrupt, he 
will not know the exact TSC value of any interrupt.

Therefore every interrupt provides at least one bit of entropy.

Therefore, by the time you have finished any non-trivial boot process,
you have enough entropy.  The only problem is whether you delay all
processes that need entropy far enough into the boot process.


_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
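
Added example, not part of the original message or of any project's code: one way to check a per-event entropy figure against measurements, using the most-common-value min-entropy estimate from NIST SP 800-90B on the low bits of inter-event counter deltas. The function names are hypothetical and the timestamps are constructed; the zero-jitter case models the shared-oscillator scenario raised in the quoted text.

```python
import math
import random
from collections import Counter

def low_bits_of_deltas(timestamps, bits=2):
    """Low `bits` bits of each inter-event delta: the part an observer who
    knows the nominal event times still has to guess."""
    mask = (1 << bits) - 1
    return [(b - a) & mask for a, b in zip(timestamps, timestamps[1:])]

def mcv_min_entropy(samples):
    """Most-common-value estimate (NIST SP 800-90B, 6.3.1), in bits/sample.
    Assumes IID samples, so treat the result as an upper bound on credit."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of a 99% confidence interval on the most likely value.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return max(0.0, -math.log2(p_u))

def events_for(target_bits, bits_per_event):
    """Events to wait for before crediting `target_bits`; None when the
    source shows no measurable entropy."""
    if bits_per_event <= 0:
        return None
    return math.ceil(target_bits / bits_per_event)

def constructed_timestamps(n, period, jitter, seed=1):
    """Constructed sample data: counter readings at events spaced `period`
    ticks apart, each delta perturbed by a value in [-jitter, jitter)."""
    rng = random.Random(seed)
    t, out = 0, []
    for _ in range(n):
        t += period + (rng.randrange(-jitter, jitter) if jitter else 0)
        out.append(t)
    return out

if __name__ == "__main__":
    cases = (("shared clock, no jitter", 0), ("independent clock", 8))
    for label, jitter in cases:
        ts = constructed_timestamps(2001, 1000, jitter)
        h = mcv_min_entropy(low_bits_of_deltas(ts))
        print(f"{label}: {h:.2f} bits/event, "
              f"events for 128 bits: {events_for(128, h)}")
```

On real hardware the timestamps would come from the cycle counter read at each event, and the estimate is only meaningful on samples collected from the machine in question.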
