[147733] in cryptography@c2.net mail archive
Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.
daemon@ATHENA.MIT.EDU (John Denker)
Fri Oct 18 15:21:27 2013
Date: Fri, 18 Oct 2013 11:54:56 -0700
From: John Denker <jsd@av8n.com>
To: rng@lists.bitrot.info, Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20131018160036.GR31463@subspacefield.org>
On 10/17/2013 10:05 AM, Kent Borg wrote:
>
> But is this something that /dev/urandom might do better? Should
> blocking be added to /dev/urandom immediately after boot until some
> reasonable threshold has been reached at least once? Or on first
> boot are common distributions restoring a bad seed file and
> /dev/random can't tell? Arrgh, I am starting to think that the RNG
> is the wrong place to fix it.
> There are certainly larger system issues,
Agreed, this is a system issue, not so much a /dev/u?random issue.
Blocking /dev/urandom is a bad idea. Providing a good seed is the key.
Similarly ... on 10/18/2013 09:00 AM, travis+ml-rng@subspacefield.org wrote:
> I'm wondering if there shouldn't be an API of some kind for a VM to
> request an unpredictable seed from the host system. Not as robust as
> dakarand unless/until widely implemented, but complementary.
Well, for qemu there is something.
I quote from http://wiki.qemu-project.org/Features-Done/VirtIORNG ...
>> VirtIO RNG is a paravirtualized device that is exposed as a hardware RNG device to the guest
================
Also: Almost every VM I've seen provides a mechanism for shared
access to files. A simple standard solution is to have the host
write some randomly-generated bits into a file that the guest
can read.
===============
Thirdly: Booting from a read-only CD or similar .iso image,
there is a problem if lots of people have images with the
same initial seed for the PRNG.
Several years ago I wrote some code that can take apart a .iso
image, replace the seed, and put everything back together again.
This allows one to rather cheaply make N images all different.
For details, see
http://www.av8n.com/computer/htm/fixup-live-cd.htm
I tried to get this incorporated into the Ubuntu distribution,
to no avail.
Note that if the machine can be booted with *some* randomness,
it can be given more, via a securely encrypted link, using
simple userspace tools. There is a tool distributed with
turbid that reads a file (or stdin) and does the ioctl to
feed randomness to the kernel.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
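As an added example (not code from Denker's message, from turbid, or from any other project named in the thread), here is a small Linux C program along the lines of the tool described in the message: it reads seed bytes from a file or stdin and hands them to the kernel with the RNDADDENTROPY ioctl on /dev/random. It also serves the "host writes random bits into a shared file, guest reads it" scheme from the same message, since the guest simply runs it on the shared file. RNDADDENTROPY and struct rand_pool_info are the real Linux interface; the 512-byte cap, the per-byte credit argument and the command-line layout are assumptions made for this example.

```c
/*
 * Added example, not code from Denker's message or from turbid: read seed
 * bytes from a file (or stdin) and hand them to the Linux kernel RNG with
 * the RNDADDENTROPY ioctl on /dev/random.  Needs CAP_SYS_ADMIN (root).
 */
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define MAX_SEED_BYTES 512   /* assumption: a seed file is at most 512 bytes */

/* Read up to cap bytes from fd, coping with short reads and EINTR.
 * Returns the byte count, or -1 on error. */
ssize_t read_seed(int fd, unsigned char *out, size_t cap)
{
    size_t got = 0;
    while (got < cap) {
        ssize_t n = read(fd, out + got, cap - got);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;                  /* EOF */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Build the RNDADDENTROPY argument.  entropy_count is the number of bits
 * the kernel is asked to credit; credit_bits_per_byte lets the caller be
 * conservative: 0 still mixes the bytes into the pool without raising the
 * kernel's entropy estimate, 8 claims the bytes are fully random.
 * Caller frees the result.  Returns NULL on invalid input. */
struct rand_pool_info *build_pool_info(const unsigned char *seed, size_t len,
                                       int credit_bits_per_byte)
{
    if (seed == NULL || len == 0 || len > MAX_SEED_BYTES ||
        credit_bits_per_byte < 0 || credit_bits_per_byte > 8)
        return NULL;
    size_t words = (len + 3) / 4;           /* buf is an array of __u32 */
    struct rand_pool_info *info = calloc(1, sizeof(*info) + words * sizeof(__u32));
    if (info == NULL)
        return NULL;
    info->entropy_count = (int)(len * (size_t)credit_bits_per_byte);
    info->buf_size = (int)len;
    memcpy(info->buf, seed, len);
    return info;
}

/* Overwrite seed material before releasing it; volatile keeps the compiler
 * from eliding the stores. */
void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Feed seed bytes to the kernel pool.  Returns 0 on success, -1 on failure
 * (errno set by open/ioctl; EPERM means the caller lacks CAP_SYS_ADMIN). */
int feed_kernel(const unsigned char *seed, size_t len, int credit_bits_per_byte)
{
    struct rand_pool_info *info = build_pool_info(seed, len, credit_bits_per_byte);
    if (info == NULL) { errno = EINVAL; return -1; }
    int rc = -1;
    int fd = open("/dev/random", O_RDWR);
    if (fd >= 0) {
        rc = ioctl(fd, RNDADDENTROPY, info);
        close(fd);
    }
    wipe(info, sizeof(*info) + ((len + 3) / 4) * sizeof(__u32));
    free(info);
    return rc < 0 ? -1 : 0;
}

/* Usage: feedseed [seedfile] [bits-per-byte]   (reads stdin when no file given) */
int main(int argc, char **argv)
{
    int fd = STDIN_FILENO;
    if (argc > 1 && (fd = open(argv[1], O_RDONLY)) < 0) { perror(argv[1]); return 1; }
    int credit = argc > 2 ? atoi(argv[2]) : 0;  /* default: mix in, credit nothing */
    unsigned char seed[MAX_SEED_BYTES];
    ssize_t n = read_seed(fd, seed, sizeof seed);
    if (fd != STDIN_FILENO) close(fd);
    if (n <= 0) { fprintf(stderr, "no seed data read\n"); return 1; }
    int rc = feed_kernel(seed, (size_t)n, credit);
    wipe(seed, sizeof seed);
    if (rc < 0) { perror("RNDADDENTROPY"); return 1; }
    printf("fed %zd bytes, credited %zd bits\n", n, n * credit);
    return 0;
}
```

The default of crediting zero bits is deliberate: bytes from a channel whose quality the guest cannot vouch for are still mixed in, but the kernel's entropy estimate is only raised when the operator passes a credit that the host's source justifies. For the shared-file scheme, the guest should run this once early in boot and then remove or overwrite the file, so that a snapshot or cloned image does not carry the same seed into its next boot.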