libsodium mess

Gary E. Miller gem at rellim.com
Thu Jan 19 23:05:46 UTC 2017 

Yo Eric!

On Thu, 19 Jan 2017 17:23:01 -0500
"Eric S. Raymond" <esr at thyrsus.com> wrote:

> Gary E. Miller <gem at rellim.com>:
> > Yo Eric!
> > 
> > On Thu, 19 Jan 2017 14:30:35 -0500
> > "Eric S. Raymond" <esr at thyrsus.com> wrote:
> >   
> > > Gary E. Miller <gem at rellim.com>:  
> > > > > - to fuzz the low-order bits of the clock.    
> > > > 
> > > > Hmm, can you expand on this a bit?  Which clock?  How much fuzz?
> > > > Does this degrade anything?    
> > > 
> > > Whenever ntpd polls the system clock, it fuzzes the lowest-order
> > > digits of the result. The amount of fuzz to apply is bounded by
> > > half the measured interval between system clock ticks.  
> > 
> > Hmm, and how much would that typically be?  
> 
> I...don't actually know.  Probably less than a microsecond.

I little less than a micro Second would concern me.  A lot less would
not.

> It
> should be available as the value of the system variable
> "fuzz" (internally sys_fuzz) but I see
> 
> ntpq> rv 0 fuzz  
> fuzz=0.001
> 
> which makes me suspect a units problem somewhere.

ntpd/ntp_proto.c line 2639 says the units are Seconds.  If true
that makes your sys_fuzz 1 milli Second.  So adding a bit of randomness
around 500 micro Seconds.  That is terrible.  500x worse than we can
see in the PPS refclock.

> > Can you point me to this code?  I want to rip it out and do a
> > test.  
> 
> libntp/systime.c

On line 65 it says that sys_fuzz is in seconds!  That agrees with
ntp_proto.c.  So still terrible.

> Have fun.  You'll probably do a better job of ayditing that code than
> I would.

Very interesting stuff.  It will have to wait until the libsodium
thing is put to bed.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170119/279d95f7/attachment.bin>

More information about the devel mailing list