/dev/random and virtual systems

Henrique de Moraes Holschuh hmh at debian.org
Mon Aug 2 19:17:42 EDT 2010


On Mon, 02 Aug 2010, Yaron Sheffer wrote:
> the interesting thread on seeding and reseeding /dev/random did not
> mention that many of the most problematic systems in this respect
> are virtual machines. Such machines (when used for "cloud

Any decent hypervisor can supply entropy to the VMs.  For about
US$100/hypervisor you add a slow speed (less than 1Mbit/s) TRNG, or you
can get a high-speed one for around US$ 1000/hypervisor, and distribute
the entropy for all VMs.  It is very cost-effective.

Datacenters are easy, you can just buy a few low power VIA PadLock boxes
and have them distribute several Mbit/s of entropy over the network.
You can have at least 2 of them per 1U, or a lot more for custom
designs or piled up in 2U using a shelf.

You don't need entropy to use asymmetric crypto to authenticate, receive
an encrypted session key, and proceed to receive an encrypted stream, so
the network and a cluster of entropy boxes is usable for initial seeding
as well.

Desktops with live-CDs and half-assed embedded boxes that lack a TRNG
are the real problem.

> In addition to the mitigations that were discussed on the list, such
> machines could benefit from seeding /dev/random (or periodically
> reseeding it) from the *host machine's* RNG. This is one thing
> that's guaranteed to be different between VM instances. So my
> question to the list: is this useful? Is this doable with popular
> systems (e.g. Linux running on VMware or VirtualBox)? Is this
> actually being done?

It is done, yes.  I am not sure how out-of-the-box that is, but there
are Linux kernel drivers to get entropy from the hypervisor.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
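
Added example, not part of the original post: a shell check, run inside a Linux guest, of whether the kernel's hw_random framework is currently backed by a hypervisor-supplied device. It assumes the paravirtual virtio-rng driver (which registers as `virtio_rng.N`); the function name `hwrng_status`, its optional root-directory argument and the `SYSROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example: classify the active hw_random backend of a Linux guest.
# Assumption: the hypervisor RNG is exposed through virtio-rng, whose
# devices appear in sysfs as "virtio_rng.N".
# The optional first argument is a hypothetical root prefix so the check
# can be pointed at a constructed directory tree instead of the live /sys.

hwrng_status() {
    root="${1:-}"
    dir="$root/sys/class/misc/hw_random"

    # No sysfs directory: the hw_random core is not built in or not loaded.
    [ -d "$dir" ] || { echo "no-hwrng-interface"; return 1; }

    # Reading rng_current can fail on kernels that return an error when no
    # device is registered; treat that the same as an empty value.
    current=$(cat "$dir/rng_current" 2>/dev/null || true)

    case "$current" in
        ""|none)
            # Framework present, but no device is bound to it.
            echo "no-backend"
            return 1
            ;;
        virtio_rng*)
            # Entropy comes from the host through the virtio-rng device.
            echo "hypervisor:$current"
            return 0
            ;;
        *)
            # Some other hardware RNG (TPM, CPU or chipset) is selected.
            echo "other:$current"
            return 0
            ;;
    esac
}

# Live check when run as a script; SYSROOT is normally left unset.
hwrng_status "${SYSROOT:-}" || true
```

A selected backend only means `/dev/hwrng` is readable. On kernels that do not feed it into the pool themselves, a daemon such as rngd still has to read it and credit `/dev/random`.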


