https://bugs.dragonflybsd.org/https://bugs.dragonflybsd.org/favicon.ico?16293952082009-05-08T14:53:59ZDragonFlyBSD bugtrackerDragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=65482009-05-08T14:53:59Zsepherosa
<ul></ul><p>On Fri, May 8, 2009 at 2:47 PM, Robin Carey <<a class="email" href="mailto:robin.carey1@googlemail.com">robin.carey1@googlemail.com</a>> wrote:</p>
<blockquote>
<p>---------- Forwarded message ----------<br />From: Robin Carey <<a class="email" href="mailto:robin.carey1@googlemail.com">robin.carey1@googlemail.com</a>><br />Date: 2009/5/8<br />Subject: Random number generator<br />To: <a class="email" href="mailto:submit-request@lists.dragonflybsd.org">submit-request@lists.dragonflybsd.org</a></p>
<p>I had an idea about how to improve the random number generator in<br />DragonFlyBSD which I would like to share.</p>
<p>There is a bootstrapping problem where it is difficult to get enough<br />"entropy" at boot to ensure the random number generator is fully seeded and<br />completely unpredictable immediately after the system has booted.</p>
<p>Currently the random number generator seeds itself from nanotime() and<br />nanouptime() which introduces a small degree of entropy, but probably not<br />enough to ensure the above requirement is met.</p>
<p>So a possible improvement could be made by introducing more "entropy" at<br />initialisation from a high resolution timer like the TSC - rdtsc() (which is<br />also used in the random number generator - NANOUP_EVENT() - courtesy of<br />Matthew Dillon). That is my suggestion: Use rdtsc() aswell as nanotime() and<br />nanouptime() to ensure the random number generator has enough "entropy" at<br />boot to ensure it is fully seeded and completely unpredictable. If this were<br />done (and true) then you would not need the current ability of the random<br />number generator being able to be seeded from a file - an ability which<br />Matthew Dillon implemented to solve the boot-seeding problem.</p>
<p>I am wondering if there are any other high resolution timers available .....</p>
</blockquote>
<p>tsc probably is the highest resolution timer; it should be available<br />on almost all of the modern system. HPET is a high frequency timer<br />(>10Mhz, but compared to tsc, it is quite low freq) and ACPI timer is<br />@~3Mhz. They depends on that acpi.ko is loaded, and they are<br />available relatively later than tsc.</p>
<p>Best Regards,<br />sephe</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=65492009-05-08T20:29:14Zjoerg
<ul></ul><p>On Fri, May 08, 2009 at 07:47:46AM +0100, Robin Carey wrote:</p>
<blockquote>
<p>So a possible improvement could be made by introducing more "entropy" at<br />initialisation from a high resolution timer like the TSC - rdtsc() (which is<br />also used in the random number generator - NANOUP_EVENT() - courtesy of<br />Matthew Dillon).</p>
</blockquote>
<p>The high resolution timers are very likely already used and using<br />multiple time sources doesn't add much entropy as they are driven from<br />the same crystal in almost every system.</p>
<p>Joerg</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=65512009-05-09T00:16:02Zdillon
<ul></ul><p>We should already be doing it at system startup via<br /> [/usr/src]/etc/rc.d/initrandom. In fact, we pipe the entire contents<br /> of sysctl -a to /dev/random.</p>
<pre><code>-Matt</code></pre> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=124592015-01-15T15:33:03Ztuxillo
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/12459/diff?detail_id=2135">diff</a>)</li><li><strong>Category</strong> set to <i>Crypto</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> deleted (<del><i>0</i></del>)</li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Low</i></li><li><strong>Target version</strong> set to <i>4.2</i></li></ul><p>Hi Alex,</p>
<p>Do you know if this would this be still relevant?</p>
<p>Cheers,<br />Antonio Huete</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=124602015-01-15T15:37:33Zalexh
<ul></ul><p>This has never been relevant. The only way to ensure the system starts up with (enough) entropy is to save some on shutdown. See ceccfc6bc7912b64fce4d4cd929eaf9346d00d53 for more details.</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=124682015-01-15T16:30:35Zrobin.carey1
<ul></ul><p>Dear Alex & Antonio,</p>
<p>There is a way to provide enough "entropy" (unpredictable data) to the<br />in-Kernel CRNG, to ensure it has enough data to start producing<br />unpredictable random data.</p>
<p>When I say "enough" I am talking about a minimum of 128-bits.</p>
<p>On 15 January 2015 at 15:37, <<a class="email" href="mailto:bugtracker-admin@leaf.dragonflybsd.org">bugtracker-admin@leaf.dragonflybsd.org</a>> wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-6 priority-3 priority-lowest closed" title="Bug: Random number generator (Rejected)" href="https://bugs.dragonflybsd.org/issues/1358">#1358</a> has been updated by alexh.</p>
<p>This has never been relevant. The only way to ensure the system starts up<br />with (enough) entropy is to save some on shutdown. See<br />ceccfc6bc7912b64fce4d4cd929eaf9346d00d53 for more details.</p>
<p>----------------------------------------<br />Bug <a class="issue tracker-1 status-6 priority-3 priority-lowest closed" title="Bug: Random number generator (Rejected)" href="https://bugs.dragonflybsd.org/issues/1358">#1358</a>: Random number generator<br /><a class="external" href="http://bugs.dragonflybsd.org/issues/1358#change-12460">http://bugs.dragonflybsd.org/issues/1358#change-12460</a></p>
<ul>
<li>Author: robin.carey1</li>
<li>Status: Feedback</li>
<li>Priority: Low</li>
<li>Assignee:</li>
<li>Category: Crypto</li>
<li>Target version: 4.2.x<br />----------------------------------------<br />---------- Forwarded message ----------<br />From: Robin Carey <<a class="email" href="mailto:robin.carey1@googlemail.com">robin.carey1@googlemail.com</a>><br />Date: 2009/5/8<br />Subject: Random number generator<br />To: <a class="email" href="mailto:submit-request@lists.dragonflybsd.org">submit-request@lists.dragonflybsd.org</a></li>
</ul>
<p>I had an idea about how to improve the random number generator in<br />DragonFlyBSD which I would like to share.</p>
<p>There is a bootstrapping problem where it is difficult to get enough<br />"entropy" at boot to ensure the random number generator is fully seeded and<br />completely unpredictable immediately after the system has booted.</p>
<p>Currently the random number generator seeds itself from nanotime() and<br />nanouptime() which introduces a small degree of entropy, but probably not<br />enough to ensure the above requirement is met.</p>
<p>So a possible improvement could be made by introducing more "entropy" at<br />initialisation from a high resolution timer like the TSC - rdtsc() (which<br />is<br />also used in the random number generator - NANOUP_EVENT() - courtesy of<br />Matthew Dillon). That is my suggestion: Use rdtsc() aswell as nanotime()<br />and<br />nanouptime() to ensure the random number generator has enough "entropy" at<br />boot to ensure it is fully seeded and completely unpredictable. If this<br />were<br />done (and true) then you would not need the current ability of the random<br />number generator being able to be seeded from a file - an ability which<br />Matthew Dillon implemented to solve the boot-seeding problem.</p>
<p>I am wondering if there are any other high resolution timers available<br />.....</p>
<p>---Files--------------------------------<br />unnamed (1.92 KB)</p>
<p>--<br />You have received this notification because you have either subscribed to<br />it, or are involved in it.<br />To change your notification preferences, please click here:<br /><a class="external" href="http://bugs.dragonflybsd.org/my/account">http://bugs.dragonflybsd.org/my/account</a></p>
</blockquote>
<p>-- <br />Sincerely,</p>
<p>Robin Carey BSc</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=124722015-01-15T16:42:00Zrobin.carey1
<ul></ul><p>Dear Alex & Antonio,</p>
<p>I should qualify that last response by clarifying; without having to save<br />data to an "entropy file" on shutdown (or any other non-optimal solution).</p>
<p>I did exactly that, on FreeBSD, a long time ago. That code was the basis<br />for the CRNG that I submitted to Matthew Dillon, which he then ported to<br />DragonFlyBSD. Matthew did not like the method I was using, and so did not<br />use it. However, the rest of the code I submitted was used.</p>
<p>I think that was about 2006.</p>
<p>Since then I've considered my solution and refined it (on paper).</p>
<p>After all, the threshold for achieving unpredictable random operation<br />(CRNG) is only 128-bits (the size of data which makes a brute-force attack<br />untenable). Not a lot really.</p>
<p>On 15 January 2015 at 15:37, <<a class="email" href="mailto:bugtracker-admin@leaf.dragonflybsd.org">bugtracker-admin@leaf.dragonflybsd.org</a>> wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-6 priority-3 priority-lowest closed" title="Bug: Random number generator (Rejected)" href="https://bugs.dragonflybsd.org/issues/1358">#1358</a> has been updated by alexh.</p>
<p>This has never been relevant. The only way to ensure the system starts up<br />with (enough) entropy is to save some on shutdown. See<br />ceccfc6bc7912b64fce4d4cd929eaf9346d00d53 for more details.</p>
<p>----------------------------------------<br />Bug <a class="issue tracker-1 status-6 priority-3 priority-lowest closed" title="Bug: Random number generator (Rejected)" href="https://bugs.dragonflybsd.org/issues/1358">#1358</a>: Random number generator<br /><a class="external" href="http://bugs.dragonflybsd.org/issues/1358#change-12460">http://bugs.dragonflybsd.org/issues/1358#change-12460</a></p>
<ul>
<li>Author: robin.carey1</li>
<li>Status: Feedback</li>
<li>Priority: Low</li>
<li>Assignee:</li>
<li>Category: Crypto</li>
<li>Target version: 4.2.x<br />----------------------------------------<br />---------- Forwarded message ----------<br />From: Robin Carey <<a class="email" href="mailto:robin.carey1@googlemail.com">robin.carey1@googlemail.com</a>><br />Date: 2009/5/8<br />Subject: Random number generator<br />To: <a class="email" href="mailto:submit-request@lists.dragonflybsd.org">submit-request@lists.dragonflybsd.org</a></li>
</ul>
<p>I had an idea about how to improve the random number generator in<br />DragonFlyBSD which I would like to share.</p>
<p>There is a bootstrapping problem where it is difficult to get enough<br />"entropy" at boot to ensure the random number generator is fully seeded and<br />completely unpredictable immediately after the system has booted.</p>
<p>Currently the random number generator seeds itself from nanotime() and<br />nanouptime() which introduces a small degree of entropy, but probably not<br />enough to ensure the above requirement is met.</p>
<p>So a possible improvement could be made by introducing more "entropy" at<br />initialisation from a high resolution timer like the TSC - rdtsc() (which<br />is<br />also used in the random number generator - NANOUP_EVENT() - courtesy of<br />Matthew Dillon). That is my suggestion: Use rdtsc() aswell as nanotime()<br />and<br />nanouptime() to ensure the random number generator has enough "entropy" at<br />boot to ensure it is fully seeded and completely unpredictable. If this<br />were<br />done (and true) then you would not need the current ability of the random<br />number generator being able to be seeded from a file - an ability which<br />Matthew Dillon implemented to solve the boot-seeding problem.</p>
<p>I am wondering if there are any other high resolution timers available<br />.....</p>
<p>---Files--------------------------------<br />unnamed (1.92 KB)</p>
<p>--<br />You have received this notification because you have either subscribed to<br />it, or are involved in it.<br />To change your notification preferences, please click here:<br /><a class="external" href="http://bugs.dragonflybsd.org/my/account">http://bugs.dragonflybsd.org/my/account</a></p>
</blockquote>
<p>-- <br />Sincerely,</p>
<p>Robin Carey BSc</p> DragonFlyBSD - Bug #1358: Random number generatorhttps://bugs.dragonflybsd.org/issues/1358?journal_id=124782015-01-15T16:52:39Zalexh
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Rejected</i></li></ul><p>The entropy file solution is absolutely standard (but was disabled for a long time on DragonFly), and one of the very few ways of ensuring enough entropy at boot time (without a hardware RNG, etc). It's rather sad that you think a high resolution timer is a valid way of achieving the same.</p>
<p>In any case, not really in the mood of arguing about this, so I'm closing this.</p>