[Cryptography] request for consideration: VM guest entropy: specific constructive suggestions
tytso at mit.edu
Tue Feb 4 11:05:54 EST 2014
On Mon, Feb 03, 2014 at 06:11:17PM -0700, John Denker wrote:
> 2) Is somebody going to write an entropy-transfer daemon
> to move entropy from /dev/hwrng to /dev/random, and then
> make sure that all the distros incorporate this and enable
> it by default?
It already exists, and all/most distributions has had it for years.
It's called rngd.
Making it be the default is up to whoever is creating the base images
for various hosting providers. The bigger problem is that not all
cloud hosting providers are providing virtio-rng. But that code
exists today, so it's a matter of lobbying the hosting providers to
make it available. It appears Rackspace does support virtio-rng. As
others have mentioned Amazond doesn't appear to support virtio-rng.
More information about the cryptography