[cryptography] Kernel space vs userspace RNG

Krisztián Pintér pinterkr at gmail.com
Mon May 9 13:12:19 EDT 2016


Russell Leidich (at Saturday, May 7, 2016, 8:47:33 PM):
> Whatever its absolute value might be, the amount of entropy in the
> DMA timing skew has to be higher in practice than that in interrupt
> timing. The reason is that, for every interrupt, thousands or even
> billions of DMA transactions occur.

how do you plan to get notice of them? the very point of DMA is that
it goes on in the background, and then you get a notification.

> But can userspace see any of this via the timestamp counter?

this is not the question at all. i don't doubt that userspace can see
some entropy. my point was that the kernel sees everything, while
userspace sees less. it is not refuted by showing examples of entropy
userspace can collect.

please note that i also pointed out a danger: all the entropy visible
to userspace might be easier to steal, because there is a chance that
other programs can gather the exact same entropy (hence my example of
the sound card noise).

to some extent, havege might alleviate this, because there is no
direct way to observe the parameters it collects. but this is highly
speculative, as the true source of havege random is not the CPU, but
the same irqs and other hw events. the CPU just acts as a hard to
observe prng. so actually i'm not a fan. without looking into it
deeper, i believe this is also true for enranda.



