Am Donnerstag, 14. November 2013, 11:51:03 schrieb Clemens Ladisch: Hi Clemens, >Stephan Mueller wrote: >> Am Mittwoch, 13. November 2013, 12:51:44 schrieb Clemens Ladisch: >>> (And any setting that increases accesses to main memory is likey to >>> introduce more entropy due to clock drift between the processor and >>> the memory bus. Or where do you assume the entropy comes from?) >> >> You nailed it. When I disable the caches using the CR0 setting, I get >> a massive increase in variations and thus entropy. > >Now this would be an opportunity to use the number of main memory >accesses to estimate entropy. (And when you're running out of the >cache, i.e., deterministically, is there any entropy?) > I seem to have found the root cause with my bare metal tester, but I am yet unable to make sense of it. I will report back with more analyses. >An attacker would not try to detect patterns; he would apply knowledge >of the internals. I do not buy that argument, because if an attacker can detect or deduce the internals of the CPU, he surely can detect the state of the input_pool or the other entropy pools behind /dev/random. And then, /dev/random is not so entropic any more for that attacker. > >Statistical tests are useful only for detecting the absence of entropy, >not for the opposite. Again, I fully agree. But it is equally important to understand that entropy is relative. And all I want and all I care about is that an attacker has only the knowledge and ability to make measurements that are less precise than 1 bit. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
