CPRNGs are still an issue.

Jerry Leichter leichter at lrw.com
Tue Dec 16 17:23:20 EST 2008

On Dec 15, 2008, at 2:28 PM, Joachim Strömbergson wrote:
> ...One could probably do a similar comparison to the increasingly popular
> idea of building virtual LANs to connect your virtualized server running
> on the same physical host. Ethernet frame reception time variance as
> well as other real physical events should take a hit when moving into
> the virtualization domain. After all, replacing physical stuff with SW
> is the whole point of virtualization.
> Does anybody know what VMware, Parallels etc do to support entropy for
> sources like this, or is it basically a forgotten/skipped/ignored feature?
They don't seem to be doing very much yet - and the problems are very  
real.  All sorts of algorithms assume that an instance of a running OS  
has some unique features associated with it, and at the least (a)  
those will be fairly stable over time; (b) there will never be two  
instances at the same time.  In different contexts and uses,  
virtualization breaks both of these.  The virtual image captures  
everything there is to say about the running OS and all its  
processes.  Nothing stops you from running multiple copies at once.   
Nothing stops you from saving an image, so replaying the same machine  
state repeatedly.  Conversely, if something in the underlying hardware  
is made available to provide uniqueness of some kind, the ability to  
stop the VM and move it elsewhere - typically between almost any two  
instructions - means that you can't rely on this uniqueness except in  
very constrained ways.

People move to virtualization with the idea that a virtual machine is  
just like a physical machine, only more flexible.  Well - it's either  
"just like", or it's "more flexible"!  It can't be both.  In fact,  
"more flexible" is what sells virtualization, and the effects can be  
very subtle and far-reaching.  We don't really understand them.
                                                         -- Jerry
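
The image-replay problem described in the message above, as an added example that is not part of the original post: a toy hash-based generator stands in for a guest's CPRNG, and copying the object stands in for saving and resuming a VM image. The names HashDRBG, snapshot, resume and run_clones are hypothetical, and the reseed-on-resume hook is an assumption, not something the post says any hypervisor provides.

```python
import copy
import hashlib
import os


class HashDRBG:
    """Toy deterministic generator: every output is a function of `state` alone."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def generate(self, n: int = 16) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()[:n]
        # Ratchet the state forward so successive outputs differ.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out

    def reseed(self, fresh: bytes) -> None:
        # Mix new entropy into the existing state.
        self.state = hashlib.sha256(b"reseed" + self.state + fresh).digest()


def snapshot(guest: HashDRBG) -> HashDRBG:
    """Stand-in for saving a VM image: the generator state is captured with it."""
    return copy.deepcopy(guest)


def resume(image: HashDRBG, reseed_on_resume: bool) -> HashDRBG:
    """Stand-in for starting a copy of a saved image."""
    guest = copy.deepcopy(image)
    if reseed_on_resume:
        # Assumption: fresh entropy from outside the image is available here.
        guest.reseed(os.urandom(32))
    return guest


def run_clones(reseed_on_resume: bool, copies: int = 3) -> list:
    """Return the first 'random' value each resumed copy of one image produces."""
    guest = HashDRBG(os.urandom(32))
    guest.generate()            # the guest runs for a while before the image is taken
    image = snapshot(guest)
    return [resume(image, reseed_on_resume).generate() for _ in range(copies)]


if __name__ == "__main__":
    for flag in (False, True):
        values = run_clones(flag)
        print("reseed on resume:", flag, "distinct outputs:", len(set(values)))
```

Without the reseed every copy of the image emits the same value, which is what breaks a session key or nonce derived from it; with the reseed the copies diverge, but only for values generated after the hook has run.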
