[81657] in cryptography@c2.net mail archive
Re: virtualization as a threat to RNG
daemon@ATHENA.MIT.EDU (The Fungi)
Wed Mar 21 20:36:10 2007
Date: Wed, 21 Mar 2007 23:21:16 +0000
To: cryptography@metzdowd.com
Reply-To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <a5539eb851d7abb4001c7f81d15a0942@geer.org>
From: The Fungi <fungi@yuggoth.org>
On Tue, Mar 20, 2007 at 08:14:26PM -0400, Dan Geer wrote:
> Quoting from a discussion of threat posed by software virtualization as
> found in Symantec's ISTR:xi, released today:
>
> >The second type of threat that Symantec believes could emerge is
> >related to the impact that software-virtualized computers may have on
> >random number generators that are used inside guest operating systems
> >on virtual machines.
[...]
I will note that, on User-Mode Linux at least, a good approach seems
to be using the UML kernel option/driver to broker access to the host's
entropy via a faked hardware RNG. The downside is that your host may
well need a boosted entropy source, if you have a lot of guests
using this feature. I'm unsure, however, how other virtualization
platforms handle this issue...
--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
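An added illustration (not part of this message, the thread, or any kernel's code) of why brokering host entropy into guests matters. It models one way virtualization affects a guest RNG: if a guest image is instantiated more than once with its RNG state copied verbatim, every copy produces the same "random" output until fresh entropy is mixed in. The `GuestDRBG` class, its HMAC-SHA256 construction, the image seed, and the `make_counter_host_rng` helper are all assumed, constructed stand-ins; the host-brokered reseed is the analogue of the fake hardware RNG driver described above.

```python
import hashlib
import hmac
import os


class GuestDRBG:
    """Toy HMAC-SHA256 generator standing in for a guest kernel's CSPRNG.

    Assumed model for illustration only, not any real kernel's RNG. The
    property that matters here is that its output is a pure function of
    its internal state, so copied state means copied output.
    """

    def __init__(self, seed):
        self.key = hashlib.sha256(b"init" + seed).digest()
        self.counter = 0

    def reseed(self, entropy):
        # Mix fresh entropy into the key. This is the effect of feeding the
        # guest from a host-brokered virtual hardware RNG.
        self.key = hmac.new(self.key, b"reseed" + entropy, hashlib.sha256).digest()

    def random_bytes(self, n):
        out = b""
        while len(out) < n:
            block = hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
            out += block
            self.counter += 1
        # Ratchet the key so earlier output cannot be recovered from later state.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:n]

    def snapshot(self):
        # Models cloning a guest image (or restoring one snapshot twice):
        # the whole RNG state is copied byte for byte, the source is untouched.
        clone = GuestDRBG.__new__(GuestDRBG)
        clone.key = self.key
        clone.counter = self.counter
        return clone


def boot_clones_without_host_entropy(image):
    """Two guests booted from the same image with no outside entropy."""
    a, b = image.snapshot(), image.snapshot()
    return a.random_bytes(16), b.random_bytes(16)


def boot_clones_with_host_entropy(image, host_rng):
    """Same two guests, each reseeded from a host-supplied entropy source first."""
    a, b = image.snapshot(), image.snapshot()
    a.reseed(host_rng(32))
    b.reseed(host_rng(32))
    return a.random_bytes(16), b.random_bytes(16)


def make_counter_host_rng():
    """Deterministic stand-in for the host's RNG (constructed for the demo).

    Each call returns a distinct value, as real host entropy would, so the
    demonstration is reproducible; production code would use the real source.
    """
    state = {"calls": 0}

    def host_rng(n):
        state["calls"] += 1
        return hashlib.sha256(b"host-entropy" + state["calls"].to_bytes(8, "big")).digest()[:n]

    return host_rng


if __name__ == "__main__":
    image = GuestDRBG(b"golden-image-seed")  # constructed seed baked into the image
    same = boot_clones_without_host_entropy(image)
    print("no host entropy:  ", same[0].hex(), same[1].hex(), "identical:", same[0] == same[1])
    differ = boot_clones_with_host_entropy(image, os.urandom)
    print("host entropy fed: ", differ[0].hex(), differ[1].hex(), "identical:", differ[0] == differ[1])
```

Run it as a script to see the two cases side by side: the first pair of hex strings is identical, the second pair differs. The same argument applies to any state copied into a guest, which is why the reseed has to happen on the guest side after it starts, from entropy the host hands over, and why many guests drawing on one host can drain the host's pool as the message above notes.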
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com