Bug #1358

Random number generator

Added by robin.carey1 almost 5 years ago. Updated almost 5 years ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

---------- Forwarded message ----------
From: Robin Carey <>
Date: 2009/5/8
Subject: Random number generator
To:

I had an idea about how to improve the random number generator in
DragonFlyBSD which I would like to share.

There is a bootstrapping problem where it is difficult to get enough
"entropy" at boot to ensure the random number generator is fully seeded and
completely unpredictable immediately after the system has booted.

Currently the random number generator seeds itself from nanotime() and
nanouptime() which introduces a small degree of entropy, but probably not
enough to ensure the above requirement is met.

So a possible improvement could be made by introducing more "entropy" at
initialisation from a high resolution timer like the TSC - rdtsc() (which is
also used in the random number generator - NANOUP_EVENT() - courtesy of
Matthew Dillon). That is my suggestion: Use rdtsc() as well as nanotime() and
nanouptime() to ensure the random number generator has enough "entropy" at
boot to ensure it is fully seeded and completely unpredictable. If this were
done (and true) then you would not need the current ability of the random
number generator being able to be seeded from a file - an ability which
Matthew Dillon implemented to solve the boot-seeding problem.

I am wondering if there are any other high resolution timers available .....

unnamed (1.92 KB) robin.carey1, 05/08/2009 06:53 AM

History

#1 Updated by sepherosa almost 5 years ago

On Fri, May 8, 2009 at 2:47 PM, Robin Carey <> wrote:
>
>
> ---------- Forwarded message ----------
> From: Robin Carey <>
> Date: 2009/5/8
> Subject: Random number generator
> To:
>
>
> I had an idea about how to improve the random number generator in
> DragonFlyBSD which I would like to share.
>
> There is a bootstrapping problem where it is difficult to get enough
> "entropy" at boot to ensure the random number generator is fully seeded and
> completely unpredictable immediately after the system has booted.
>
> Currently the random number generator seeds itself from nanotime() and
> nanouptime() which introduces a small degree of entropy, but probably not
> enough to ensure the above requirement is met.
>
> So a possible improvement could be made by introducing more "entropy" at
> initialisation from a high resolution timer like the TSC - rdtsc() (which is
> also used in the random number generator - NANOUP_EVENT() - courtesy of
> Matthew Dillon). That is my suggestion: Use rdtsc() as well as nanotime() and
> nanouptime() to ensure the random number generator has enough "entropy" at
> boot to ensure it is fully seeded and completely unpredictable. If this were
> done (and true) then you would not need the current ability of the random
> number generator being able to be seeded from a file - an ability which
> Matthew Dillon implemented to solve the boot-seeding problem.
>
> I am wondering if there are any other high resolution timers available .....

tsc probably is the highest resolution timer; it should be available
on almost all modern systems. HPET is a high frequency timer
(>10MHz, but compared to tsc, it is quite low freq) and the ACPI timer is
@~3MHz. They depend on acpi.ko being loaded, and they are
available relatively later than tsc.

Best Regards,
sephe

#2 Updated by joerg almost 5 years ago

On Fri, May 08, 2009 at 07:47:46AM +0100, Robin Carey wrote:
> So a possible improvement could be made by introducing more "entropy" at
> initialisation from a high resolution timer like the TSC - rdtsc() (which is
> also used in the random number generator - NANOUP_EVENT() - courtesy of
> Matthew Dillon).

The high resolution timers are very likely already used and using
multiple time sources doesn't add much entropy as they are driven from
the same crystal in almost every system.

Joerg

#3 Updated by dillon almost 5 years ago

We should already be doing it at system startup via
[/usr/src]/etc/rc.d/initrandom. In fact, we pipe the entire contents
of sysctl -a to /dev/random.

-Matt
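
The argument in comment #2, worked through as an added example (not DragonFly source and not written by anyone in this thread): it counts how many distinct seed inputs exist when all clocks are functions of one oscillator count. The 2 GHz TSC rate, the epoch offset, the 4096-cycle uncertainty window and all names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not DragonFly kernel code. Assumptions: the TSC runs at
 * 2 GHz and both nanosecond clocks are computed from the same oscillator. */
#define TSC_PER_NS    2u
#define BOOT_EPOCH_NS 1241765266000000000ull /* constructed wall-clock offset */
enum { USE_TSC = 1, USE_UPTIME = 2, USE_TIME = 4 };

struct reading { uint64_t tsc, uptime_ns, time_ns, extra; };

static int cmp_reading(const void *a, const void *b)
{
    return memcmp(a, b, sizeof(struct reading));
}

/* Number of distinct seed inputs when the cycle count at seeding time lies in
 * [t0, t0 + window) and an unrelated source adds one of `indep` values
 * (indep == 1: no such source). log2 of the result is the entropy in bits. */
static size_t distinct_seeds(uint64_t t0, size_t window, size_t indep, int clocks)
{
    size_t n = window * indep, i = 0, distinct = 0;
    struct reading *r = calloc(n, sizeof *r);
    if (r == NULL)
        return 0;
    for (size_t dt = 0; dt < window; dt++)
        for (size_t e = 0; e < indep; e++, i++) {
            uint64_t up = (t0 + dt) / TSC_PER_NS;
            if (clocks & USE_TSC)    r[i].tsc = t0 + dt;
            if (clocks & USE_UPTIME) r[i].uptime_ns = up;
            if (clocks & USE_TIME)   r[i].time_ns = BOOT_EPOCH_NS + up;
            r[i].extra = e; /* value from the unrelated source */
        }
    qsort(r, n, sizeof *r, cmp_reading);
    for (i = 0; i < n; i++) /* equal tuples are adjacent after sorting */
        if (i == 0 || cmp_reading(&r[i], &r[i - 1]) != 0)
            distinct++;
    free(r);
    return distinct;
}

int main(void)
{
    uint64_t t0 = 1000000; /* constructed cycle count at seeding time */
    printf("nanotime+nanouptime:       %zu\n", distinct_seeds(t0, 4096, 1, USE_UPTIME | USE_TIME));
    printf("... plus rdtsc:            %zu\n", distinct_seeds(t0, 4096, 1, 7));
    printf("... plus unrelated 4 bits: %zu\n", distinct_seeds(t0, 4096, 16, 7));
    return 0;
}
```

In this model, adding rdtsc() to the two nanosecond clocks gains one bit from its finer resolution, while an unrelated 4-bit source gains four.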
