CPRNGs are still an issue.
Jerry Leichter
leichter at lrw.com
Tue Dec 16 17:23:20 EST 2008

On Dec 15, 2008, at 2:28 PM, Joachim Strömbergson wrote:
> ...One could probably do a similar comparison to the increasingly popular
> idea of building virtual LANs to connect your virtualized server running
> on the same physical host. Ethernet frame reception time variance as
> well as other real physical events should take a hit when moving into
> the virtualization domain. After all, replacing physical stuff with SW
> is the whole point of virtualization.
>
> Does anybody know what VMware, Parallels etc do to support entropy for
> sources like this, or is it basically a forgotten/skipped/ignored
> feature?

They don't seem to be doing very much yet - and the problems are very
real. All sorts of algorithms assume that an instance of a running OS
has some unique features associated with it, and at the least (a)
those will be fairly stable over time; (b) there will never be two
instances at the same time. In different contexts and uses,
virtualization breaks both of these. The virtual image captures
everything there is to say about the running OS and all its
processes. Nothing stops you from running multiple copies at once.
Nothing stops you from saving an image, so replaying the same machine
state repeatedly. Conversely, if something in the underlying hardware
is made available to provide uniqueness of some kind, the ability to
stop the VM and move it elsewhere - typically between almost any two
instructions - means that you can't rely on this uniqueness except in
very constrained ways.

People move to virtualization with the idea that a virtual machine is
just like a physical machine, only more flexible. Well - it's either
"just like", or it's "more flexible"! It can't be both. In fact,
"more flexible" is what sells virtualization, and the effects can be
very subtle and far-reaching. We don't really understand them.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
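
The replay problem described in the message above, as an added sketch that is not part of the original post: a deterministic generator is snapshotted and two copies are resumed, first as-is and then with fresh entropy mixed in on resume. `ToyGenerator`, `clone_outputs` and the resume-time reseed are assumptions made for illustration; `copy.deepcopy` stands in for saving a VM image, and `os.urandom` at resume stands in for entropy supplied from outside the image.

```python
import copy
import hashlib
import hmac
import os


class ToyGenerator:
    """Deterministic hash-based generator (illustration only, not a vetted DRBG)."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def next_bytes(self, n: int = 16) -> bytes:
        # Derive output and the next state from the current state only.
        out = hmac.new(self.state, b"out", hashlib.sha256).digest()[:n]
        self.state = hmac.new(self.state, b"next", hashlib.sha256).digest()
        return out

    def reseed(self, fresh: bytes) -> None:
        # Mix new entropy into the existing state rather than replacing it.
        self.state = hmac.new(self.state, b"reseed" + fresh, hashlib.sha256).digest()


def clone_outputs(reseed_on_resume: bool, count: int = 3):
    """Snapshot one generator, resume two copies, return each copy's outputs."""
    original = ToyGenerator(os.urandom(32))  # well seeded before the snapshot
    original.next_bytes()                    # some use before the image is taken
    image = copy.deepcopy(original)          # stands in for the saved VM image

    runs = []
    for _ in range(2):                       # two instances from the same image
        guest = copy.deepcopy(image)
        if reseed_on_resume:
            # Assumption: each resumed instance gets entropy from outside the
            # image (hypothetical resume hook); modelled here with os.urandom.
            guest.reseed(os.urandom(32))
        runs.append([guest.next_bytes() for _ in range(count)])
    return runs


if __name__ == "__main__":
    for flag in (False, True):
        a, b = clone_outputs(flag)
        print(f"reseed_on_resume={flag}: outputs identical = {a == b}")
        print("  instance 1:", [x.hex() for x in a])
        print("  instance 2:", [x.hex() for x in b])
```

A good seed before the snapshot does not help: everything the generator knows is inside the image, so only input that arrives after the resume can separate the instances.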