Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom

From:	Daniel P. Berrange
Subject:	Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
Date:	Mon, 18 Apr 2016 10:28:42 +0100
User-agent:	Mutt/1.5.24 (2015-08-30)

On Fri, Apr 15, 2016 at 08:56:59AM -0700, H. Peter Anvin wrote:
> On April 15, 2016 3:41:34 AM PDT, Cole Robinson <address@hidden> wrote:
> >Libvirt currently rejects using host /dev/urandom as an input source
> >for a
> >virtio-rng device. The only accepted sources are /dev/random and
> >/dev/hwrng.
> >This is the result of discussions on qemu-devel around when the feature
> >was
> >first added (2013). Examples:
> >
> >http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html
> >https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023
> >
> >libvirt's rejection of /dev/urandom has generated some complaints from
> >users:
> >
> >https://bugzilla.redhat.com/show_bug.cgi?id=1074464
> >* cited: http://www.2uo.de/myths-about-urandom/
> >http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html
> >http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html
> >
> >I think it's worth having another discussion about this, at least with
> >a
> >recent argument in one place so we can put it to bed. I'm CCing a bunch
> >of
> >people. I think the questions are:
> >
> >1) is the original recommendation to never use virtio-rng+/dev/urandom
> >correct?
> >
> >2) regardless of #1, should we continue to reject that config in
> >libvirt?
> >
> >Thanks,
> >Cole
> 
> Using /dev/urandom for virtio-rng, *except* perhaps for a small seed,
> it a complete waste of cycles.  There is absolutely no reason to have
> one prng feed another.

Regardless of the performance aspect, the key question we need the
answer to is whether it *cryptographically safe* to use /dev/urandom
on the host to feed virtio-rng. The original discussion said it was
/unsafe/ to use /dev/urandom, hence why we do not allow it.  If the
only downside is wasted performance, then it is reasonable to allow
the user to use /dev/urandom if they so wish.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, (continued)
- Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, H. Peter Anvin, 2016/04/15
  - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Hubert Kario, 2016/04/15
  - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Daniel P. Berrange <=
    - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, H. Peter Anvin, 2016/04/18
    - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Hubert Kario, 2016/04/18
    - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Daniel P. Berrange, 2016/04/18
    - Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, H. Peter Anvin, 2016/04/18
- Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom, Cole Robinson, 2016/04/20

Prev by Date: [Qemu-devel] [PATCH] migration: remove useless code
Next by Date: Re: [Qemu-devel] [PATCH for-2.7 v2 05/17] raw-posix: Implement .bdrv_lockf
Previous by thread: Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
Next by thread: Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
Index(es):
- Date
- Thread