[Cryptography] request for consideration: VM guest entropy: specific constructive suggestions
Bill Frantz
frantz at pwpconsult.com
Tue Feb 4 14:03:24 EST 2014
On 2/3/14 at 12:55 PM, jsd at av8n.com (John Denker) wrote:
> ...
> Qemu already knows how to provide the guest with a virtual /dev/hwrng
> device ... it's just not the default. References:
> http://wiki.qemu.org/Features-Done/VirtIORNG
> https://www.kernel.org/doc/Documentation/hw_random.txt
>
> Suggestion #1: Make it the default, for security reasons.
> ...
> Suggestion #2: On hardware where a satisfactory RDRAND instruction is
> not native, one could teach qemu to trap and emulate this instruction.
> ...
>
> Do we have consensus on this list that the foregoing suggestions are
> reasonable? They obviously don't solve all the world's problems, but
> can they be considered cost-effective steps in the right direction?
These suggestions fall in the category of "include anything that might be useful". I support them.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345 Englewood Ave
www.pwpconsult.com | | Los Gatos, CA 95032
More information about the cryptography
mailing list