> > What entropy can be measured from disk timings are very often leaked
> > by immediately relaying data to web, shell, or X clients. Further,
> > patterns of drive head movement can be remotely controlled by clients
> > talking to file and web servers. Thus, while disk timing might be an
> > attractive source of entropy, it can't be used in a typical server
> > environment without great caution.
>
> This is something to be concerned about, to be sure. But generally a
> client won't have complete control of the drive head movement ---
> there are other clients involved --- and the adversary generally won't
> have complete knowledge of the block allocation of files, for example,
> so he/she would not be able to characterize the disk drive timings to
> the degree of accuracy required.
You seem assume that adversary is on remote system. That's not neccessarily
the case.
Imagine you wanting to generate gpg key while I have normal user account
on the machine. I can sample /proc/interrupts, measure disk speeds etc...
Perhaps we are alone on [otherwise idle] machine. You still don't want me
to guess your key.
Pavel
-- Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt, details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/