[149346] in cryptography@c2.net mail archive
Re: [Cryptography] request for consideration: VM guest entropy:
daemon@ATHENA.MIT.EDU (Yaron Sheffer)
Mon Feb 3 23:47:05 2014
X-Original-To: cryptography@metzdowd.com
Date: Mon, 03 Feb 2014 19:22:35 -0800
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: John Denker <jsd@av8n.com>, cryptography@metzdowd.com
In-Reply-To: <52F03E35.1060205@av8n.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
To inject a bit of pessimism into the discussion:
Amazon Web Services is currently the largest public cloud. At the moment
they don't provide a way for instances (guests) to read randomness from
the host. Despite the fact that AWS is based on Xen, and Xen does have
such support.
I also checked one of my instances on Amazon (cat /proc/cpuinfo), and it
does not support RdRand. Of course they could be virtualizing the CPUID
command, too.
Our production instances use a proprietary way to seed /dev/random on
startup. Basically they "call home" to get some bits. A more generic
alternative could use DHCP:
http://tools.ietf.org/html/draft-sheffer-dhc-initial-random-00.
Thanks,
Yaron
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
