On Thu, 2008-05-15 at 11:47 -0700, Kok, Auke wrote:

quoted text
> How about the non-NAPI and non-throttled case? I would argue that without any irq
> mitigation we can still use SA_RANDOM.

You don't know what packet-shaping us upstream ISPs are using.
If we're shaping then we're moving packets in time so that they
arrive upon the ticking of a output queue playout clock.  That
is, packet arrival becomes periodic not random.

Linux has a class-based queuing implementation and this would
have a similar effect on outbound packets.

Nearby microwave ovens will add periodicy to the arrival
of WLAN data. It wouldn't shock me if multicast traffic
over WLANs (even if not addressed to the host in question)
had the same effect on unicast data.

TCP's behaviour hardly leads to random packet arrival times.
Take the probability of TCP data inter-packet arrival times.
It is at least a binomial distribution (and thus not a random
distribution, and thus not suitable for /dev/random):
 - Case A: first packet in a TCP window transmission
 - Case B: subsequent packets in a TCP window transmission
           (probability rises to near 1 that another packet
            will shortly follow this one).
TCP packet transmission times are also binomial and strongly
self-correlated.

Worst of all, packet arrivals and departures are remotely observable,
both to a classic remote attacker with access to the comms channel and
to another user on a multiuser host.  So even if packet arrivals and
departures were totally random they would not be of use, since the
"random" numbers which contribute to the key would be known to the
attacker.

Regards, Glen

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html