[Cryptography] request for consideration: VM guest entropy: specific constructive suggestions

Bill Frantz frantz at pwpconsult.com
Tue Feb 4 14:03:24 EST 2014

On 2/3/14 at 12:55 PM, jsd at av8n.com (John Denker) wrote:

> ...
>   Qemu already knows how to provide the guest with a virtual /dev/hwrng
>    device ... it's just not the default.  References:
>       http://wiki.qemu.org/Features-Done/VirtIORNG
>       https://www.kernel.org/doc/Documentation/hw_random.txt
>   Suggestion #1:  Make it the default, for security reasons.
> ...
>    Suggestion #2:  On hardware where a satisfactory RDRAND instruction is 
>     not native, one could teach qemu to trap and emulate this instruction.
> ...
> Do we have consensus on this list that the foregoing suggestions are 
> reasonable?  They obviously don't solve all the world's problems, but
> can they be considered cost-effective steps in the right direction?

These suggestions fall in the category of "include anything that might be useful". I support them.

Cheers - Bill

Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 Englewood Ave
www.pwpconsult.com |                              | Los Gatos, CA 95032

More information about the cryptography mailing list