qemu-devel

Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support
Date: Fri, 26 Oct 2012 21:51:02 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1

On 26/10/2012 21:07, H. Peter Anvin wrote:
> This is surreal.  Output from /dev/hwrng turns into output for /dev/random...
> it is guaranteed worse; period, end of story.

Isn't that exactly what happens in bare-metal?  hwrng -> rngd -> random.
Instead here we'd have, host hwrng -> virtio-rng-pci -> guest hwrng ->
guest rngd -> guest random.

The only difference is that you paravirtualize access to the host hwrng to
a) distribute entropy to multiple guests; b) support migration across hosts
with different CPUs and hardware.

> I don't know who the "agreement" is with, but it is ridiculous in this case.

man 4 random:

       While some safety margin above that minimum is reasonable, as a guard against
       flaws in the CPRNG algorithm, no cryptographic primitive available today can
       hope to promise more than 256 bits of security, so if any program reads more
       than 256 bits (32 bytes) from the kernel random pool per invocation, or per
       reasonable reseed interval (not less than one minute), that should be taken
       as a sign that its cryptography is not skilfully implemented.

Paolo


