Re: [dsfjdssdfsd] what not to do...

Paul Hoffman <> Wed, 02 April 2014 17:02 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E66521A02D2 for <>; Wed, 2 Apr 2014 10:02:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.747
X-Spam-Status: No, score=-0.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, J_CHICKENPOX_21=0.6] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JIzTqvvoJOnF for <>; Wed, 2 Apr 2014 10:02:34 -0700 (PDT)
Received: from (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by (Postfix) with ESMTP id 06FA81A02D4 for <>; Wed, 2 Apr 2014 10:02:31 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.8/8.14.7) with ESMTP id s32H2P0t084799 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <>; Wed, 2 Apr 2014 10:02:26 -0700 (MST) (envelope-from
X-Authentication-Warning: Host [] claimed to be []
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Paul Hoffman <>
In-Reply-To: <>
Date: Wed, 2 Apr 2014 10:02:24 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: "" <>
X-Mailer: Apple Mail (2.1874)
Subject: Re: [dsfjdssdfsd] what not to do...
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Apr 2014 17:02:39 -0000

On Apr 2, 2014, at 9:33 AM, Theodore Ts'o <> wrote:

> On Wed, Apr 02, 2014 at 10:57:34AM -0400, Donald Eastlake wrote:
>> Hi,
>> Yes, the "bad ideas" section of RFC 4086bis
>> (draft-eastlake-randomness3-00) seems like a good place to collect
>> additional things not to do.
>> I am planning to update that draft soon...
> Is this list the best list of have discussions about that draft?

This list was created partially for the discussion of the draft.

>  Or
> are you planning on using some other wg list?

Let's hope not.

> Some things that I might add as caveats is that the recommendations
> about using disk timing is based on research done decades ago, and
> disk drives have changed quite a bit since then.  I believe there
> probably is *some* entropy in spinning disks, but it may not be as
> much as possible.

There are many places in the draft where it uses antiquated ideas of where to get randomness, and does not quantify them. That's why I'm generally against updating the old RFCs at all; instead, we should start fresh with just what are really the Best Current Practices.

> In the section about clocks, it might be worthy to note that on modern
> CPU's, very often many clocks are derived from a single master
> oscillator.  If there are subsystems where you have two clocks that
> are _not_ derived from the same oscillator, there may be an
> opportunity to pick up a few bits of entropy.  (And I suspect that's
> probably one of the remaining sources of entropy from disk drives
> these days.)

Personally, I have a strong hesitation of a BCP using phrases like "a few bits of entropy" if we can't measure them and if we don't even know if they exist.

--Paul Hoffman