Originally posted by oiaohm
It Turns Out CPU Speculative Execution Can Be Useful For Random Entropy / RNG
Guest replied
- Likes 3
This would be very easy to manipulate if you are controlling the majority of the threads.
Good sources of non-deterministic entropy that almost all systems have: flash I/O timings. IRQ timings. Cross-core cache access timings. DRAM timings when thrashing the cache. Stack data when the IRQs run. GPIO latency timings. SPI bus latency timings. Even highly deterministic platforms with MCU cores like the Arm M4 will be able to accumulate entropy from those sources.
Part of the problem with the current Linux random device's performance is that it returns the actual accumulated entropy bits. If instead it accumulated a pool of 64k entropy bits, supplied up to 32k hash-derived bits, then perturbed the pool with the bits accumulated while supplying those 32 kbits (i.e. flip bits in the 64 kbit pool as they come in, then MD5-stream the block), there wouldn't be any shortage of crypto-secure entropy bits, and the CPU cost of those entropy bits wouldn't be quite so insanely high as it is now. And no quantum computer will ever break the unknowable 32 kbits of the pool.
- Likes 2
Originally posted by tildearrow
That's as long as there is some sort of input (e.g. keyboard, mouse or network) that will cause context switches. Otherwise it can be somewhat (theoretically) deterministic.
Yes, on some silicon and setups it would be deterministic.
That's as long as there is some sort of input (e.g. keyboard, mouse or network) that will cause context switches. Otherwise it can be somewhat (theoretically) deterministic.
- Likes 1
Phoronix: It Turns Out CPU Speculative Execution Can Be Useful For Random Entropy / RNG
While CPU speculative execution has caused a lot of frustrations over the past two years due to the likes of the Spectre vulnerabilities, it turns out CPU speculative execution can be exploited to be a viable source of random entropy for random number generators...
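The thread's open question is whether a timing-jitter source like the one the article describes actually carries entropy on a given machine, or ends up deterministic as tildearrow suggests. The check a practitioner wants before crediting such a source is a min-entropy estimate on real samples. The C program below is an added example and is not code from the Phoronix article, from the kernel patch it reports on, or from any commenter: it times a generic unpredictable-branch loop (a stand-in; the page does not describe the article's actual speculative-execution construction), keeps the low byte of each timing, and runs the NIST SP 800-90B most-common-value estimator over the samples. It assumes an x86 CPU for `rdtsc` (falling back to `clock_gettime` on other POSIX systems); `SAMPLES`, `jitter_sample`, `mcv_min_entropy` and the two constructed self-check inputs are this example's own names and data, not anything from the page.

```c
#define _POSIX_C_SOURCE 199309L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define SAMPLES 4096   /* sample count for the demo (this example's choice) */

/* High-resolution timestamp: rdtsc on x86, CLOCK_MONOTONIC elsewhere (assumes POSIX). */
static inline uint64_t now_ticks(void) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t lo, hi;
    __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
#endif
}

/* One jitter sample: time a short loop whose branch direction follows a xorshift
   sequence so the predictor and speculative path vary. Generic stand-in only, not the
   speculative-execution construction the article refers to. */
static uint8_t jitter_sample(uint64_t *state) {
    volatile uint64_t sink = 0;
    uint64_t t0 = now_ticks();
    for (int i = 0; i < 64; i++) {
        *state ^= *state << 13;
        *state ^= *state >> 7;
        *state ^= *state << 17;
        if (*state & 1) sink += *state; else sink ^= *state;
    }
    uint64_t t1 = now_ticks();
    return (uint8_t)(t1 - t0);            /* keep only the noisy low byte */
}

/* libm-free helpers so the block builds without -lm. */
static double approx_sqrt(double x) {
    if (x <= 0.0) return 0.0;
    double r = x > 1.0 ? x : 1.0;
    for (int i = 0; i < 60; i++) r = 0.5 * (r + x / r);   /* Newton iteration */
    return r;
}
static double approx_log2(double x) {     /* valid for 0 < x <= 1 */
    double r = 0.0;
    while (x < 1.0) { x *= 2.0; r -= 1.0; }   /* integer part */
    double w = 1.0;
    for (int i = 0; i < 40; i++) {            /* fractional bits by repeated squaring */
        x *= x; w *= 0.5;
        if (x >= 2.0) { x *= 0.5; r += w; }
    }
    return r;
}

/* NIST SP 800-90B most-common-value estimator: conservative min-entropy per sample
   (bits) from the upper 99% confidence bound on the most frequent symbol's probability.
   0 means the stream looks deterministic. */
double mcv_min_entropy(const uint8_t *data, size_t n) {
    size_t count[256] = {0}, max = 0;
    for (size_t i = 0; i < n; i++)
        if (++count[data[i]] > max) max = count[data[i]];
    double p = (double)max / (double)n;
    double pu = p + 2.576 * approx_sqrt(p * (1.0 - p) / (double)(n - 1));
    if (pu > 1.0) pu = 1.0;
    return 0.0 - approx_log2(pu);
}

/* Self-checks on constructed inputs: a constant stream must score 0 bits, a perfectly
   uniform byte stream close to (but, being conservative, below) 8 bits. */
double entropy_of_constant_input(void) {
    uint8_t buf[SAMPLES] = {0};
    return mcv_min_entropy(buf, SAMPLES);
}
double entropy_of_uniform_input(void) {
    uint8_t buf[SAMPLES];
    for (size_t i = 0; i < SAMPLES; i++) buf[i] = (uint8_t)i;
    return mcv_min_entropy(buf, SAMPLES);
}

/* Collect live jitter samples and estimate how much entropy they actually carry. */
double measure_jitter_entropy(void) {
    uint8_t buf[SAMPLES];
    uint64_t state = 0x9E3779B97F4A7C15ull;
    for (size_t i = 0; i < SAMPLES; i++) buf[i] = jitter_sample(&state);
    return mcv_min_entropy(buf, SAMPLES);
}

int main(void) {
    double h = measure_jitter_entropy();
    printf("MCV min-entropy estimate: %.3f bits per sample\n", h);
    if (h < 1.0)
        puts("WARNING: source looks near-deterministic here; do not credit it as entropy");
    return 0;
}
```

Run it on the target hardware, in the conditions it will actually see (idle, no user input, virtualised), and credit the pool with no more than the estimate says; a figure near zero is exactly the "theoretically deterministic" case raised in the thread. The MCV estimator is the simplest of the SP 800-90B estimators and only upper-bounds the entropy, so a healthy number here is a necessary check, not a proof that the source is good.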