Hi! > > From my point of view, it would make sense to factor time from RTC and > > mac addresses into the initial hash. Situation in the paper was so bad > > some devices had _completely identical_ keys. We should be able to do > > better than that. > > We fixed that **years** ago. In fact, the authors shared with me an > early look at that paper and I implemented add_device_entropy() over > the July 4th weekend back in 2012. So we are indeed mixing in MAC > addresses and the hardware clock (if it is initialized that early). > In fact that was one of the first things that I did. Note that this Ok, thanks. > > BTW... 128 interrupts... that's 1.3 seconds, right? Would it make > > sense to wait two seconds if urandom use is attempted before it is > > ready? > > That really depends on the system. We can't assume that people are > using systems with a 100Hz clock interrupt. More often than not > people are using tickless kernels these days. That's actually the > problem with changing /dev/urandom to block until things are > initialized. Ok, let me check: config HZ_PERIODIC config NO_HZ_IDLE config NO_HZ_FULL in HZ_PERIODIC, there should be no problem. NO_HZ_IDLE... should not be a problem either. We can easily make sure that cpu's are not idle, something like while (not_enough_entropy()) schedule() NO_HZ_FULL.... first, help text seems to imply that timer ticks still happen when cpu is in kernel, and second, there is always one CPU that handles timer ticks. So we are still ok. So I believe we should add the wait to urandom. One second delay in rare cases sounds better than alternatives. Best regards, Pavel PS: Are there systems where the timer interrupt is the only source of time? -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html