[145603] in cryptography@c2.net mail archive

Re: /dev/random and virtual systems

daemon@ATHENA.MIT.EDU (Paul Wouters)
Tue Aug 3 11:41:01 2010

Date: Mon, 2 Aug 2010 19:42:39 -0400 (EDT)
From: Paul Wouters <paul@xelerance.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
cc: cryptography@metzdowd.com
In-Reply-To: <4C571EA2.7050909@gmail.com>

On Mon, 2 Aug 2010, Yaron Sheffer wrote:

> In addition to the mitigations that were discussed on the list, such machines 
> could benefit from seeding /dev/random (or periodically reseeding it) from 
> the *host machine's* RNG. This is one thing that's guaranteed to be different 
> between VM instances. So my question to the list: is this useful? Is this 
> doable with popular systems (e.g. Linux running on VMWare or VirtualBox)? Is 
> this actually being done?

Both xen and kvm do not do this currently. It is problematic for servers.

Paul

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
