questions about RNGs and FIPS 140

Thomas tom at
Fri Aug 27 02:34:07 EDT 2010


On Thursday 26 August 2010 12:25:55, Jerry Leichter wrote:
> > 4) What about VMs?
> > Rolling back a deterministic RNG on those systems gives the same
> > values unless/until you re-seed with something new to this iteration
> I'm not sure what you mean by "rolling back".  Yes, if you restart any
> deterministic RNG with a previously-used internal state, it will
> generate the same stream it did before.  This is true whether you are
> in a VM or not.

That is true.
Luckily /dev/random is re-seeded during run-time. So even if you do
a roll-back of a system and the new input is non-deterministic, it will
generate different output immediately.

> RNG's in VM's are a big problem because the "unpredictable" values
> used in the non-deterministic parts of the algorithms - whether you
> use them just for seeding or during updating as well - are often much
> more predictable in a VM than a "real" machine.  (For example, disk
> timings on real hardware have some real entropy, but in a VM with an
> emulated disk, that's open to question.)

I really doubt it. Are there papers about it?
It does not matter if there is one physical disk that is shared
between 1000 processes or between 10 VMs each running 100 processes
(assuming a shared random pool).
The entropy is not generated by the disk but by the processes accessing
it in a (hopefully) non-deterministic way. The HDD interrupts are just
the sampling point. Therefore gaining entropy depends on the level of 
abstraction where the sampling point is placed. It can be assumed that
the buffered HDD writing and reading on the host of a VM produce
less entropy than the real read(2) and write(2) calls within the VM.
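To illustrate the roll-back point discussed above (a restored RNG state replays the identical stream, and it only diverges once input that is genuinely new to this run is mixed in), here is an added Python sketch. It is not code from the post or from any real kernel RNG; the HashPool class and its SHA-256 chaining are a toy construction standing in for a seeded pool.

```python
import hashlib


class HashPool:
    """Toy deterministic RNG: a 32-byte state advanced by SHA-256.
    Constructed for illustration only, not a real DRBG or /dev/random."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(seed).digest()

    def mix_in(self, fresh: bytes) -> None:
        # Runtime reseeding: fold new input (e.g. sampled interrupt timings)
        # into the state. Only unpredictable input adds anything.
        self.state = hashlib.sha256(b"mix" + self.state + fresh).digest()

    def next_bytes(self) -> bytes:
        # Output is derived from the state, then the state is advanced.
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"adv" + self.state).digest()
        return out

    def snapshot(self) -> bytes:
        return self.state          # what a VM snapshot would capture

    def restore(self, state: bytes) -> None:
        self.state = state         # what a VM roll-back would do


def rollback_without_reseed(seed: bytes) -> bool:
    """True if restoring a snapshot replays exactly the same output stream."""
    pool = HashPool(seed)
    snap = pool.snapshot()
    first = [pool.next_bytes() for _ in range(3)]
    pool.restore(snap)
    second = [pool.next_bytes() for _ in range(3)]
    return first == second


def rollback_with_reseed(seed: bytes, fresh_a: bytes, fresh_b: bytes) -> bool:
    """True if two runs from the same snapshot diverge after each mixes in
    its own fresh input; identical fresh input still gives identical output."""
    pool = HashPool(seed)
    snap = pool.snapshot()
    pool.mix_in(fresh_a)
    first = pool.next_bytes()
    pool.restore(snap)
    pool.mix_in(fresh_b)
    second = pool.next_bytes()
    return first != second
```

The last case matters in practice: if the post-rollback "fresh" input is itself replayed (same emulated timings), reseeding does not help.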


The Cryptography Mailing List