Re: [dsfjdssdfsd] Risks of entropy available

Dan Brown <danibrown@blackberry.com> Mon, 16 April 2018 21:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dsfjdssdfsd/cOoQl0RYGeCMv7SEtlI9s9bl6n8>

Hi again random readers,
Just adding some credit and historical background to this thread.
The issue of keyboard timing leakage had already been raised long before:
http://archive.cert.uni-stuttgart.de/bugtraq/2003/08/msg00213.html
where /dev/random blocking (instead of entropy available in this thread) is
the keyboard-timing side channel.
Thanks to
https://en.wikipedia.org/wiki/Entropy_(computing)#cite_note-26

Best regards,
Dan

PS By the way, just so that I could be more sure about the topic of this
thread, I had tried to write some shell scripts that distinguish keyboard
inputs (button clicks and slow mouse movements) from any other entropy
inputs - using the way that the entropy available changes over time.  (But
without any precise timing info :) Basically, I noticed that with no
keyboard input or mouse movement - on my test device, a laptop - the
pattern is that the entropy available usually increases by 1 every second or
so, and occasionally decreases by some larger amount. (I have no clue why.)
By contrast, any keyboard input, mouse clicks/scrolls, or slow mouse
movement seems to cause a more rapid increase.  (No clue why, either.)
Based on this pattern, I was able to devise a script that detected keyboard
input, with occasional false positives (one a minute?).  Of course, other
systems, Linux versions, may not have this pattern.  I would guess that this
pattern would only hold on a subset of personal laptops and Linux versions.

# Try this loop to look for a pattern like the one above
while true; do printf '\r%5s%5s' "$(cat /proc/sys/kernel/random/entropy_avail)" bits; done
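
The following is an added example, not part of the original message and not the author's script: a small check for whether a host shows the pattern described in the PS, by labelling each one-second change in entropy_avail. The threshold of 4, the function names and the sample trace are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Labels the change between
# successive entropy_avail readings, following the pattern in the PS:
# about +1 per second when idle, an occasional larger decrease, and a
# faster rise during keyboard or mouse activity.
THRESHOLD=${THRESHOLD:-4}   # assumed tuning value, not from the message

# classify_delta PREV CUR -> prints idle | drain | burst
classify_delta() {
    delta=$(( $2 - $1 ))
    if [ "$delta" -lt 0 ]; then
        echo drain          # the occasional larger decrease
    elif [ "$delta" -gt "$THRESHOLD" ]; then
        echo burst          # rise faster than the idle baseline
    else
        echo idle           # roughly +1 per sample, or no change
    fi
}

# count_bursts READING... -> prints the number of burst intervals
count_bursts() {
    [ "$#" -gt 0 ] || { echo 0; return; }
    prev=$1; shift; n=0
    for cur in "$@"; do
        [ "$(classify_delta "$prev" "$cur")" = burst ] && n=$((n + 1))
        prev=$cur
    done
    echo "$n"
}

# Constructed trace, one reading per second: idle, two bursts, one drain.
SAMPLE="3001 3002 3003 3019 3041 3042 2978 2979"

# monitor: sample the live counter once per second, one label per interval.
monitor() {
    f=/proc/sys/kernel/random/entropy_avail
    prev=$(cat "$f")
    while sleep 1; do
        cur=$(cat "$f")
        printf '%s %6s %s\n' "$(date +%T)" "$cur" "$(classify_delta "$prev" "$cur")"
        prev=$cur
    done
}
```

Call `count_bursts $SAMPLE` to score the constructed trace, or `monitor` to label live readings. On a system where entropy_avail does not vary, every interval is labelled idle, which indicates this particular signal is not observable there.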