[Cryptography] /dev/random is not robust
Theodore Ts'o
tytso at mit.edu
Thu Oct 17 17:29:52 EDT 2013
On Fri, Oct 18, 2013 at 03:43:08AM +0800, David Mercer wrote:
>
> Sometime in the last two months I described the somewhat widespread issue
> at VM hosting/cloud providers of provisioning VM's with the same
> /dev/urandom seed from the image template. firstboot scripts typically only
> get run at image generation, and then the urandom seed is frozen in amber,
> as it were, in the VM image template file. It is a fairly trivial fix to
> re-seed it from /dev/random (one line in the right place).
Yeah, there are some people (including Dustin Kirkland at Canonical)
working on automated provisioning of random seeds from the hypervisor
to the guest kernels.
If you are compiling your own guest kernel, and the hypervisor
supports it, using virtio-rng which allows the guest to use the host
OS's /dev/random to bootstrap its local entropy pool is almost
certainly the Right Thing.
Cheers,
- Ted
More information about the cryptography
mailing list