On Mon, 02 Aug 2010, Yaron Sheffer wrote:
> the interesting thread on seeding and reseeding /dev/random did not
> mention that many of the most problematic systems in this respect
> are virtual machines. Such machines (when used for "cloud

Any decent hypervisor can supply entropy to the VMs. For about US$100/hypervisor you add a slow speed (less than 1Mbit/s) TRNG, or you can get a high-speed one for around US$ 1000/hypervisor, and distribute the entropy for all VMs. It is very cost-effective.

Datacenters are easy, you can just buy a few low power VIA PadLock boxes and have them distribute several Mbit/s of entropy over the network. You can have at least 2 of them per 1U, or a lot more for custom designs or piled up in 2U using a shelf.

You don't need entropy to use asymmetric crypto to authenticate, receive an encrypted session key, and proceed to receive an encrypted stream, so the network and a cluster of entropy boxes is usable for initial seeding as well.

Desktops with live-CDs and half-assed embedded boxes that lack a TRNG are the real problem.

> In addition to the mitigations that were discussed on the list, such
> machines could benefit from seeding /dev/random (or periodically
> reseeding it) from the *host machine's* RNG. This is one thing
> that's guaranteed to be different between VM instances. So my
> question to the list: is this useful? Is this doable with popular
> systems (e.g. Linux running on VMWare or VirtualBox)? Is this
> actually being done?

It is done, yes. I am not sure how out-of-the-box that is, but there are Linux kernel drivers to get entropy from the hypervisor.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
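
A guest-side check for the reply's last point (Linux kernel drivers that take entropy from the hypervisor), added here as an example and not part of the original message: it reads the kernel's hw_random sysfs entries and classifies the active backend. Treating backend names that start with `virtio` as the virtio-rng driver is an assumption about driver naming, and `HWRNG_DIR` / `RANDOM_DIR` are hypothetical overrides so the functions can be pointed at constructed files.

```shell
#!/bin/sh
# Added example: does this Linux guest have an RNG backend bound to hw_random?
# HWRNG_DIR and RANDOM_DIR are hypothetical overrides for offline testing.
HWRNG_DIR="${HWRNG_DIR:-/sys/class/misc/hw_random}"
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"

# Backends the kernel has registered, space separated (empty if none).
hwrng_available() {
    if [ -r "$HWRNG_DIR/rng_available" ]; then
        { tr -s ' \n' ' ' < "$HWRNG_DIR/rng_available" | sed 's/^ *//; s/ *$//'; } 2>/dev/null || true
    fi
}

# Backend currently selected to feed /dev/hwrng (empty or "none" if unset).
hwrng_current() {
    if [ -r "$HWRNG_DIR/rng_current" ]; then
        tr -d '\n' < "$HWRNG_DIR/rng_current" 2>/dev/null || true
    fi
}

# Kernel's own entropy estimate, or "unknown" when procfs is not readable.
entropy_avail() {
    if [ -r "$RANDOM_DIR/entropy_avail" ]; then
        tr -d '\n' < "$RANDOM_DIR/entropy_avail"
    else
        printf 'unknown'
    fi
}

# hypervisor: host-fed virtio backend is selected (name match is an assumption)
# hardware:   another backend is selected (for example a CPU or TPM RNG)
# unbound:    backends are registered but none is selected
# none:       nothing registered; the guest relies on its own event sources
classify_rng() {
    current=$(hwrng_current)
    available=$(hwrng_available)
    case "$current" in
        virtio*) echo hypervisor ;;
        ""|none) if [ -n "$available" ]; then echo unbound; else echo none; fi ;;
        *)       echo hardware ;;
    esac
}

rng_report() {
    printf 'class=%s current=%s available="%s" entropy_avail=%s\n' \
        "$(classify_rng)" "$(hwrng_current)" "$(hwrng_available)" "$(entropy_avail)"
}

rng_report
```

A result of `none` or `unbound` on a freshly cloned VM image is the case the thread is concerned with: the guest has no host-supplied source and every instance starts from the same state.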