|From:||"H. Peter Anvin" <hpa-AT-zytor.com>|
|To:||Rusty Russell <rusty-AT-rustcorp.com.au>|
|Subject:||Re: [PATCH 2/2] lguest: virtio-rng support|
|Date:||Fri, 16 May 2008 21:50:31 -0700|
|Cc:||Theodore Tso <tytso-AT-mit.edu>, Herbert Xu <herbert-AT-gondor.apana.org.au>, Jeff Garzik <jeff-AT-garzik.org>, LKML <linux-kernel-AT-vger.kernel.org>, virtualization-AT-lists.linux-foundation.org, Christian Borntraeger <borntraeger-AT-de.ibm.com>, Matt Mackall <mpm-AT-selenic.com>, Johannes Berg <johannes-AT-sipsolutions.net>|
Rusty Russell wrote: > On Friday 16 May 2008 20:49:41 Johannes Berg wrote: >>> + >>> +/* Our random number generator device reads from /dev/urandom into the Guest's >>> + * input buffers. The usual case is that the Guest doesn't want random numbers >>> + * and so has no buffers although /dev/urandom is still readable, whereas >>> + * console is the reverse. >> Is it really a good idea to use the hosts /dev/urandom to fill the >> guests /dev/random? > > Technically it's up to rngd in the guest to decide whether to feed entropy > or not (ie. /dev/urandom or /dev/random). Uhm, no. It's not. Unless the host provides actual entropy information, you have a security hole. > If we use /dev/random in the host, we risk a DoS. But since /dev/random > is 0666 on my system, perhaps noone actually cares? /dev/random = give me actual entropy, if you have some. /dev/urandom = give me what you have, regardless of quality. There is no point in feeding the host /dev/urandom to the guest (except for seeding, which can be handled through other means); it will do its own mixing anyway. The reason to provide anything at all from the host is to give it "golden" entropy bits. -hpa
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds