[Cryptography] cheap sources of entropy

James A. Donald Jamesd at echeque.com
Mon Feb 3 17:44:51 EST 2014

On 2014-02-03 16:22, Bill Stewart wrote:
> I'm mainly worried about the "new virtual machine, cloned from a 
> standard image" case,
> which needs to set up ssh keys, ssl keys, and seed /dev/random before 
> it's ready to deal with the rest of the world
> in ways that would give it some more entropy to work with.

The normal case of replicating an up and running VM is scalable cloud 
service, where one increases machines to meet demand or decrease 
machines to save money.  In such case, they will all have the same keys 
as the original, which keys you generated long after booting up the 

If we have an image of an up and running machine, which we clone using 
copy on write, how does it know to set up new keys?  There has to be a 
command "generate new identity".  When telling the cloned image to 
generate new keys, give it some randomness.   I don't think this case 
arises in practice

If we have an image of a bootable disk, cloning is going to be IO bound, 
and timing of events will contain the inherent randomness of the 
physical processes involved in getting the data.

More information about the cryptography mailing list