Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Stephan Mueller <smueller <at> chronox.de>
Subject: [RFC PATCH 0/5] CPU Jitter RNG
Newsgroups: gmane.linux.kernel
Date: Tuesday 4th February 2014 12:36:59 UTC (over 2 years ago)
Hi,

with the previous release of the CPU Jitter RNG ([1]), concerns were raised
on 
the presence of entropy in the CPU execution timing. With this new version
of 
the CPU Jitter RNG, a new noise source based on memory access timings is
now 
added and the concerns raised before are addressed with additional analyses

given in [2] section 6.1.

This additional noise source is again covered with extensive testing 
documented in [2] section 6.2. The test results allowed the explanation of
the 
basics of that memory access noise source.

To analyze the two noise sources, a bare metal testing program is used as 
documented in [2] section 6.3. That bare metal testing allows the analysis
of 
the noise source without interference of an OS and interrupts.

Furthermore, for the already existent noise source of the CPU execution 
timing, more analysis of the behavior of the CPU is provided in [2] section

6.1. The analysis, however, showed CPU behavior that cannot easily be 
explained. The testing shows that there is a possibility to eliminate the
CPU 
execution timing jitter for one particular measurement using a
serialization 
instruction. That elimination of timing jitter, however, was not visible
when 
the individual rounds of the RNG were tested. That means that the
elimination 
of timing jitter in one special case did not show any effects on the
behavior 
of the RNG.

The following set of patches integrate the CPU Jitter RNG as a fallback
noise 
source into /dev/random. The reason for using it as a fallback only is the 
conceptual difference of the CPU Jitter RNG to the other noise sources: all

other noise sources are a push mechanism whereas the CPU Jitter RNG works
by 
pulling bits on demand. Due to the speed of the Jitter RNG, it has the 
capability of monopolizing all other noise sources which is prevented by
only 
invoking it when the lower entropy threshold of the Linux RNG is reached.

Ciao
Stephan 

[1] http://thread.gmane.org/gmane.linux.kernel/1577419/focus=1586212
[2] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html
-- 
| Cui bono? |
 
CD: 21ms