Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify JitterRng on hosted platforms #65

Closed
nagisa opened this issue Nov 30, 2017 · 5 comments
Closed

Verify JitterRng on hosted platforms #65

nagisa opened this issue Nov 30, 2017 · 5 comments
Labels
wontfix

Comments

@nagisa
Copy link

nagisa commented Nov 30, 2017

If my memory serves me well, the paper JitterRng was implemented according to was only really investigating the x86 platform and conclusions rely on some specific instructions working in a fairly specific way.

Since Rust supports targetting WASM now, we should make sure to check whether JitterRng produces quality entropy or, failing that, properly detects the failure and returns an error on hosted targets like wasm.

Specifically, of concern are:

  • Jitter caused by JIT translation during initial probing of the jitter quality (possible failure to detect low quality jitter as JIT translation most likely increases the jitter entropy);
  • Does jitter provide equally much of the entropy as on the bare-metal implementations in both "cold" (interpreted) and "warm" (JITed) states.
@dhardy dhardy mentioned this issue Dec 1, 2017
Merged
@dhardy
Copy link
Owner

dhardy commented Dec 1, 2017

It sounds like it's impossible to get nanosecond-resolution time in Javascript anyway, so JitterRng is not useful for WASM.

@pitdicker
Copy link

Apparently getting ns-resolution timings in Javascript is not allowed as a measure against timing attacks https://www.w3.org/TR/hr-time/#privacy-security. The test_timer function can detect this and gives a CoarseTimer error.

@dhardy dhardy added wontfix and removed help wanted labels Dec 1, 2017
@dhardy
Copy link
Owner

dhardy commented Dec 1, 2017
edited
Loading

Since @nagisa's report specifically mentions WASM, the issue is unfixable. As mentioned in the comment linked above WASM doesn't have a timer right now so there will be a compile error rather than a CoarseTimer error.

@nagisa
Copy link
Author

nagisa commented Dec 1, 2017

What about WASM run outside of browser in e.g. node.js? There’s a way to get nanosecond-precision time in javascript through process.hrtime(), which is what I suppose code targetting wasm32-unknown-nodejs would call into as well.

Sure, we don’t have this target yet, but it would still be a good idea to keep this in mind for whenever rustc grows such a target.

@dhardy
Copy link
Owner

dhardy commented Dec 1, 2017

If by "keep in mind" you mean you wish to investigate yourself, go ahead. Otherwise it's only an open "issue". It's outside the scope of what I want to achieve myself so I will close this issue (there's already been a huge amount of scope creep); open an issue on the parent repo if you wish.

@dhardy dhardy closed this as completed Dec 1, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dhardy @nagisa @pitdicker