virtualization as a threat to RNG

The Fungi fungi at yuggoth.org
Wed Mar 21 19:21:16 EDT 2007


On Tue, Mar 20, 2007 at 08:14:26PM -0400, Dan Geer wrote:
> Quoting from a discussion of threat posed by software virtualization as 
> found in Symantec's ISTR:xi, released today:
> 
> >The second type of threat that Symantec believes could emerge is 
> >related to the impact that software virtualized computers may have on 
> >random number generators that are used inside guest operating systems 
> >on virtual machines.
[...]

I will note that, on User-Mode Linux at least, a good approach seems
to be using the UML kernel option/driver to broker access to the host's
entropy via a faked hardware RNG. The down-side is that your host may
well need a boosted entropy source, if you have a lot of guests
using this feature. I'm unsure, however, how other virtualization
platforms handle this issue...
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi at yuggoth.org); IRC(fungi at irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi at yuggoth.org);
MUD(fungi at katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


