On 12/22/2010 03:49 PM, Clint Pachl wrote:
Salvador Fandiqo wrote:
Could a random seed be patched into the kernel image at installation
time?
Admittedly this is not entropy, this is a just secret key and anyone
with access to the machine would be able to read it,
How is it different than any other installation file then?
Now that it's amateur suggestion hour (no offense Salva), I'm going to
take a shot.
Would it be possible to use what randomness the system does have to seed
some reader that pseudo-randomly reads arbitrary bits from the loaded
kernel image in RAM?
Well whatever you might read will fall into three classes:
1 Bits that are fixed in the kernel image. Obviously these don't count
2 Bits that can go for long periods without changing.
3 Bits that change frequently. You might as well read these directly.
The challenge with (3) and especially (2) is quantifying how much
entropy you have actually gathered. If you can't quantify it, it doesn't
help you turn on the system faster.
This is the main reason why high speed timers are so valuable: you at
least expect them to change on a regular basis. Of course, they're so
regular that you have to use the uncertainty of some other event to
query the timer.
So the timer is just a way to convert timing uncertainty into bytes,
it's not a source of entropy itself.
If only the universe had more than one time dimension, more entropy
could be gathered at each event. But many CPUs actually do have more
than one and they can vary more or less independently.
For example, on i386 and amd64 there's a 'readtsc' instruction. It has a
very fast rate (e.g. CPU frequency) and it varies along with CPU
frequency scaling. Even better, it's notoriously hard to get consistent
results on multicore platforms. Unfortunately, I just read the Wikipedia
article and they indicate that Intel CPUs are standardizing on giving it
a fixed relationship to wall clock time.
This may differ per system, but doesn't uninitialized RAM start in an
"unknown state?" If so, could that be added to the entropy pool if it is
determined to be random (i.e. not initialized to zeros)?
Sure.
But it depends on all kinds of physical factors.
How much did you get?
Is it safe for the boot process to generate keys now?
Answering those questions accurately is more important than gathering
bonus entropy that you can't be sure of.
- Marsh
