On Fri, Jan 15, 2021 at 02:01:45PM +1030, Brett Lymn wrote:
> If we have a network of some sort can we leverage packet timing jitter somehow?

We do. In current it gets fed into the pool, but no longer increases the
entropy counter because it's deemed to be manipulable by hostile
parties. NetBSD 9 and prior will attempt to estimate the value of
those inputs, but that was deemed insecure (see my earlier reply to
RVP).

However, there's no clear way to show we're doing this since the output
of rndctl -l in -current does not include ignored samples (it does show
a list of devices, though). Would be nice to get an extra column :-)
