I'm reading https://lwn.net/SubscriberLink/802360/06e2457983b56edb/ … and facepalming. There is so much wrong here I don't even know where to start.
Show this thread
You can get entropy out of *asynchronous clocks*. Anything else is just a shitty hash function over other entropy inputs, if any, which you may as well try to collect directly.
-
-
So the code uses the TSC and races it against a timer, which uses the system clocksource. Guess what the system clocksource is on any modern PC? $ cat /sys/bus/clocksource/devices/clocksource0/current_clocksource tsc
Show this thread -
Might be the LAPIC timer for events, but really, who says that stuff isn't running off of a synchronized clock? You'd have had better luck back in the days of the PIT timer, that *definitely* had its own crystal.
Show this thread -
Then there's embedded systems which might have a grand total of one (1) quartz crystal.
Show this thread -
And then the code starts with this gem: http://stack.now = random_get_entropy(); /* Slow counter - or none. Don't even bother */ if (http://stack.now == random_get_entropy()) return;
Show this thread -
Challenge question: what happens when a "slow counter" just so happens to tick between those two calls? Yeah. You need to check 3 times, not 2 (assuming no IRQs to arbitrarily delay the check). And even then it's crude.
Show this thread -
The thing is, yes, you can get useful randomness from interesting places in most platforms, but you need to *know the platform*. This hack, well, it's probably going to give you just about enough entropy in 90% of cases. The other 10%? Pray.
Show this thread
End of conversation
New conversation -
-
-
Even for that I wouldn't be convinced that you can get entropy out of it fast enough without some justification that is based on actual measurements of how the clocks behave
-
Absolutely, how much entropy you do get varies per platform.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.