/dev/random and virtual systems

Henrique de Moraes Holschuh hmh at debian.org
Tue Aug 3 16:19:20 EDT 2010

On Mon, 02 Aug 2010, Paul Wouters wrote:
> On Mon, 2 Aug 2010, Yaron Sheffer wrote:
> >In addition to the mitigations that were discussed on the list,
> >such machines could benefit from seeding /dev/random (or
> >periodically reseeding it) from the *host machine's* RNG. This is
> >one thing that's guaranteed to be different between VM instances.
> >So my question to the list: is this useful? Is this doable with
> >popular systems (e.g. Linux running on VMWare or VirtualBox)? Is
> >this actually being done?
> Both xen and kvm do not do this currently. It is problematic for servers.

The virtio-rng driver does it almost out-of-the-box, but it is sort of

Both Xen and KVM let you create communication channels between the
Hypervisor and a specific VM, which you can use to distribute entropy
from the hypervisor to rng-tools inside the VM.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list