At Mon, 5 Apr 2021 01:05:58 +0200, Joerg Sonnenberger <[email protected]> wrote: Subject: Re: regarding the changes to kernel entropy gathering > > Part of the problem here is that most of the non-RNG data sources are > easily observable either from the local system (e.g. any malicious user) > or other VMs on the same machine (in case of a hypervisor) or local > machines on the same network (in case of network interrupts).
It _Just_ _Doesn't_ _Matter_ (i.e. for many of us, most of the time).
Now ideally in the hypervisor scenario we would have a backend device
that read from /dev/random and offered it to the VM guest as a virtual
hardware RNG. Or maybe it's as simple as passing a those few bytes
through a custom Xenstore string and having a script in the VM read them
and inject them into /dev/random. But that's not been done yet.
BTW, personally, on at least on some machines, I don't have any worry
whatsoever at the moment about one VM guest spying on, or influencing
the PRNG, in another. Zero worry. They're all _me_. I don't need some
theoretically perfect level of protection from myself.
--
Greg A. Woods <[email protected]>
Kelowna, BC +1 250 762-7675 RoboHack <[email protected]>
Planix, Inc. <[email protected]> Avoncote Farms <[email protected]>
pgpqbpSPpUT4a.pgp
Description: OpenPGP Digital Signature
