qemu-devel

Re: [Qemu-devel] virtio-rng and fd passing


From: H. Peter Anvin
Subject: Re: [Qemu-devel] virtio-rng and fd passing
Date: Fri, 01 Mar 2013 12:15:35 -0800
User-agent: K-9 Mail for Android

The guest kernel already provides the PRNG itself.  We have been over this...

Stefan Berger <address@hidden> wrote:

>On 03/01/2013 02:37 PM, H. Peter Anvin wrote:
>> On 02/28/2013 04:36 PM, Eric Blake wrote:
>>> Stefan Berger and I discovered on IRC that virtio-rng is unable to
>>> support fd passing.  We attempted:
>>>
>>> qemu-system-x86_64 ... -add-fd
>>> set=4,fd=34,opaque=RDONLY:/dev/urandom
>>                              ^^^^^^^^^^^^
>>> -object rng-random,id=rng0,filename=/dev/fdset/4 -device
>>> virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6
>>>
>> Unrelated, but you really, really, really don't want to pass
>> /dev/urandom there, use /dev/random.
>
>From what I am reading about /dev/random is that it will start blocking
>once not enough entropy is available anymore. Sounds like this could be
>abused if multiple VMs were using this device and one drains the
>entropy.. An alternative may be to pick go through a crypto library that
>seeds itself with entropy and implements random number generators
>following NIST 800-90 for example. Freebl would offer at least one such
>implementation:
>
>http://dxr.mozilla.org/mozilla-central/security/nss/lib/freebl/drbg.c.html
>
>-   search for 'NIST' there
>
>     Stefan

-- 
Sent from my mobile phone. Please excuse brevity and lack of formatting.


