[147857] in cryptography@c2.net mail archive
Re: [Cryptography] provisioning a seed for /dev/urandom
daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Oct 27 15:58:50 2013
Date: Sun, 27 Oct 2013 17:03:03 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <20131026165828.GA12361@thunk.org>

>> You aren't going to have lots of high quality randomness available via
>> /dev/random on the hypervisor in currently deployed VM hosting environments.

> There are typically plenty of interrupts from your network and storage
> devices which should provide plenty of entropy for the hypervisor.

Every interrupt should provide at least one bit of entropy. There
should be a lot more than 128 interrupts before the hypervisor gets running.

Thus, correctly programmed, the real urandom should have plenty of
randomness to provide the virtual urandom, immediately a virtual machine
is launched.

Of course, whether it actually is correctly programmed is another question.