[149336] in cryptography@c2.net mail archive


Re: [Cryptography] cheap sources of entropy

daemon@ATHENA.MIT.EDU (Tom Mitchell)
Mon Feb 3 17:15:24 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <EE35F422-34A6-45AD-8915-A25F1B8FDA91@lrw.com>
Date: Mon, 3 Feb 2014 13:13:53 -0800
From: Tom Mitchell <mitch@niftyegg.com>
To: Jerry Leichter <leichter@lrw.com>
Cc: Bill Stewart <bill.stewart@pobox.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	"James A. Donald" <Jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, Feb 1, 2014 at 8:27 PM, Jerry Leichter <leichter@lrw.com> wrote:

> On Feb 1, 2014, at 4:58 PM, James A. Donald wrote:
> > On 2014-02-02 06:38, Bill Stewart wrote:
> >> Definitely not.  If you're on a VM, you have 0..n virtual disk drives,
> >> which the hypervisor simulates from a datastore pool and maybe some cache.
> >
> > Underneath all that are real material disk drives, which have
> > turbulence.  n in the time that your buffer gets filled.   So just hash the
> > cpu clock into your stockpile of randomness every time that you read data
> > that is likely to need to come from disk.  And then your VM is reading real
> > randomness from real turbulence on the real disk.
>
......

> Go back to the paper that proposed using turbulence and repeat some of
> their tests in a virtual environment.  Let us know what you *actually
> observe*.
>

http://world.std.com/~dtd/random/forward.PDF


> (BTW, it's not even clear that those measurements are relevant to today's
> disk drives and adapters.


Bingo... not relevant in the presence of modern SSD and also the built in
disk buffer prefetch and more tricks of modern disks that minimize some or
all of the assumptions for spinning media.

Virtual machines are difficult if not impossible all devices and hardware
can be or need to be virtualized...

Still there are many cats and many ways to skin a cat.

One could approach this a lot like system time with a list of trusted
sources of entropy to be hashed into a local stream.  Time management
(NTP) has goals of trust and traffic minimization that have value here.
It does not take a lot of additional random data hashed into other
streams to generate a local stream that has decent quality.

I should note that open NTP sites have been the victim of DOS
amplification attacks so NTP is not perfect....

-- 
  T o m    M i t c h e l l
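One way to build the locally mixed stream the post describes, as an added example (not code from the post or from the list): several labelled sources are folded into a pool with HMAC-SHA256, and output is derived from the pool rather than handed out directly. The source labels, sample bytes and the timing-jitter source are constructed for illustration; a remote source such as an NTP-style feed would need to be authenticated before it is trusted as an input.

```python
import hashlib
import hmac
import time

POOL_BYTES = 32  # size of the local pool state (assumption: SHA-256 width)


def mix_into_pool(pool: bytes, sources: dict) -> bytes:
    """Fold every labelled source into the pool with HMAC-SHA256.

    Each label and length is bound into the hashed message so sources cannot
    be confused with one another. A weak or constant source neither helps nor
    hurts: the new pool stays unpredictable as long as any one input was.
    """
    new_pool = pool
    for label in sorted(sources):  # fixed order: same inputs, same pool
        data = sources[label]
        msg = label.encode() + b"\0" + len(data).to_bytes(4, "big") + data
        new_pool = hmac.new(new_pool, msg, hashlib.sha256).digest()
    return new_pool


def extract(pool: bytes, counter: int, nbytes: int = 32) -> bytes:
    """Derive output bytes from the pool without exposing the pool itself.

    The caller-supplied counter must never repeat for the same pool state;
    the block index extends one request to any length.
    """
    out = b""
    block = 0
    while len(out) < nbytes:
        info = b"out" + counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(pool, info, hashlib.sha256).digest()
        block += 1
    return out[:nbytes]


def timing_jitter_sample(n: int = 32) -> bytes:
    """Cheap local source: low byte of the interval between clock reads.

    On a VM this may carry very little entropy (constructed example source);
    it is only one input to the pool, never the whole story.
    """
    out = bytearray()
    last = time.perf_counter_ns()
    while len(out) < n:
        now = time.perf_counter_ns()
        out.append((now - last) & 0xFF)
        last = now
    return bytes(out)
```

A real deployment would re-run `mix_into_pool` with fresh samples before each `extract`, and would count only authenticated, independently obtained sources toward its entropy estimate.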
