[Cryptography] provisioning a seed for /dev/urandom
James A. Donald
jamesd at echeque.com
Sun Oct 27 03:03:03 EDT 2013
>> You aren't going to have lots high quality randomness available via
>> /dev/random on the hypervisor in currently deployed VM hosting environments.
> There is typically plenty of interrupts from your network and storage
> devices which should provide plenty of entropy for the hypervisor.
Every interrupt should provide at least one bit of entropy. There
should be a lot more than 128 interrupts before the hypervisor gets running.
Thus, correctly programmed, the real urandom should have plenty of
randomness to provide the virtual urandom, immediately a virtual machine
is launched.
Of course, whether it actually is correctly programmed is another question.
More information about the cryptography
mailing list