From: Jeffrey Walton Subject: Re: get_random_bytes returns bad randomness before seeding is complete Date: Sat, 3 Jun 2017 18:54:39 -0400 Message-ID: References: <20170602172616.47qcxav6adq52nmk@thunk.org> <20170602190734.6zll7zc5hr66oacl@thunk.org> <20170603050433.4xpvloul25s47f2z@thunk.org> Reply-To: noloader@gmail.com Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: "Jason A. Donenfeld" , "Theodore Ts'o" , Stephan Mueller , Linux Crypto Mailing List , LKML , kernel-hardening@lists.openwall.com To: Sandy Harris Return-path: Received: from mail-oi0-f41.google.com ([209.85.218.41]:33753 "EHLO mail-oi0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751077AbdFCWyk (ORCPT ); Sat, 3 Jun 2017 18:54:40 -0400 In-Reply-To: Sender: linux-crypto-owner@vger.kernel.org List-ID: On Sat, Jun 3, 2017 at 5:45 PM, Sandy Harris wrote: > ... > Of course this will fail on systems with no high-res timer. Are there > still some of those? It might be done in about 1000 times as long on a > system that lacks the realtime library's nanosecond timer but has the > Posix standard microsecond timer, implying a delay time in the > milliseconds. Would that be acceptable in those cases? A significant portion of the use cases should include mobile devices. Device sales outnumbered desktop and server sales several years ago. Many devices are sensor rich. Even the low-end ones come with accelorometers for gaming. A typical one has 3 or 4 sensors, and higher-end ones have 7 or 8 sensors. An Evo 4G has 7 of them. There's no wanting for entropy in many of the use cases. The thing that is lacking seems to be taking advantage of it. Jeff