/dev/random and virtual systems

Henrique de Moraes Holschuh hmh at debian.org
Tue Aug 3 16:19:20 EDT 2010


On Mon, 02 Aug 2010, Paul Wouters wrote:
> On Mon, 2 Aug 2010, Yaron Sheffer wrote:
> >In addition to the mitigations that were discussed on the list,
> >such machines could benefit from seeding /dev/random (or
> >periodically reseeding it) from the *host machine's* RNG. This is
> >one thing that's guaranteed to be different between VM instances.
> >So my question to the list: is this useful? Is this doable with
> >popular systems (e.g. Linux running on VMWare or VirtualBox)? Is
> >this actually being done?
> 
> Both xen and kvm do not do this currently. It is problematic for servers.

The virtio-rng driver does it almost out-of-the-box, but it is sort of
new.

Both Xen and KVM let you create communication channels between the
Hypervisor and a specific VM, which you can use to distribute entropy
from the hypervisor to rng-tools inside the VM.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
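One concrete way to do what the reply describes on KVM, as an added example that is not part of the original message or of any project's own code: the host-side QEMU flags that back a virtio-rng device with the host's pool, and a guest-side check that the virtio device is actually the selected hwrng source and that rngd (rng-tools) is running to drain it into the kernel pool. The sysfs files `rng_available` and `rng_current` are the current Linux hw_random layout and are assumed to be present; the function names, the temporary-directory argument used for offline testing, and the QEMU rate-limit values are mine.

```shell
#!/bin/sh
# Added example, not code from the original post.  Shows how to feed a
# KVM guest from the host's RNG via virtio-rng and how to verify inside
# the guest that the entropy path is actually in use.  Assumes a Linux
# guest with the hw_random sysfs layout (rng_available / rng_current).

# Host side (QEMU/KVM): back a virtio-rng device with the host pool.
# Printed rather than executed; splice into the rest of your command line.
# max-bytes/period rate-limit how fast a guest may drain the host.
host_cmdline() {
    echo "qemu-system-x86_64 ... \\"
    echo "  -object rng-random,id=rng0,filename=/dev/urandom \\"
    echo "  -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000"
}

# Guest side: is a virtio RNG present and selected as the hwrng source?
# $1 = hw_random sysfs directory (defaults to the real one); passing a
# constructed directory lets the check run offline.
# Returns 0 = virtio selected, 1 = some other/none selected, 2 = no hwrng core.
virtio_rng_selected() {
    dir="${1:-/sys/devices/virtual/misc/hw_random}"
    [ -r "$dir/rng_current" ] || return 2
    current=$(cat "$dir/rng_current")
    case "$current" in
        virtio*) return 0 ;;      # e.g. "virtio_rng.0"
        *)       return 1 ;;
    esac
}

# Same directory, lists every source the kernel knows about (for diagnosis).
hwrng_sources() {
    dir="${1:-/sys/devices/virtual/misc/hw_random}"
    [ -r "$dir/rng_available" ] && cat "$dir/rng_available"
}

# A selected hwrng only matters if something pulls from /dev/hwrng into
# the kernel pool; rng-tools' rngd does that (rngd -r /dev/hwrng).
rngd_running() {
    pgrep -x rngd >/dev/null 2>&1
}

# Current pool estimate; $1 overrides the path for offline testing.
pool_entropy() {
    cat "${1:-/proc/sys/kernel/random/entropy_avail}"
}

# Guest-side report, run when the script is executed directly.
report() {
    rc=0
    virtio_rng_selected || rc=$?
    case "$rc" in
        0) echo "hwrng: virtio-rng selected" ;;
        1) echo "hwrng: present but virtio not selected (available: $(hwrng_sources))" ;;
        2) echo "hwrng: no hw_random core in this guest" ;;
    esac
    if rngd_running; then echo "rngd: running"; else echo "rngd: NOT running"; fi
    echo "entropy_avail: $(pool_entropy 2>/dev/null || echo '?')"
}

report
```

With libvirt the same host-side wiring is `<rng model='virtio'><backend model='random'>/dev/urandom</backend></rng>` in the domain XML. In the guest, a virtio source that shows up in `rng_available` but not in `rng_current` means the device is present but nothing selected it; a selected source with no rngd means nothing is actually moving bytes into the pool.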
