Re: Waiting for Randot (or: nia and maya were right and I was wrong)

To: Brett Lymn <blymn%internode.on.net@localhost>
Subject: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
From: nia <nia%NetBSD.org@localhost>
Date: Fri, 15 Jan 2021 11:26:31 +0000

On Fri, Jan 15, 2021 at 02:01:45PM +1030, Brett Lymn wrote:
> If we have network of some sort can we leverage packet timing jitter somehow?

We do. In current it gets fed into the pool, but no longer increases the
entropy counter because it's deemed to be manipulable by hostile
parties. NetBSD 9 and prior will attempt to estimate the value of
those inputs, but that was deemed insecure (see my earlier reply to
RVP).

However, there's no clear way to show we're doing this since the output
of rndctl -l in -current does not include ignored samples (it does show
a list of devices, though). Would be nice to get an extra column :-)

References:
- Re: Waiting for Randot (or: nia and maya were right and I was wrong)
  - From: Manuel Bouyer
- Re: Waiting for Randot (or: nia and maya were right and I was wrong)
  - From: Taylor R Campbell
- Re: Waiting for Randot (or: nia and maya were right and I was wrong)
  - From: Brett Lymn

Prev by Date: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Next by Date: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Previous by Thread: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Next by Thread: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Indexes:

Home | Main Index | Thread Index | Old Index