On Sun, Dec 29, 2013 at 03:05:12AM +0100, Jean-Yves Migeon wrote:
> It means that the RNG was seeded with a (supposedly) bad state, e.g.
> with not enough random bits to be deemed safe.
>
> It is generally not safe to keep long term keys generated during
> that state.

IMO there is something to fix, as it is easy to miss the message during first boot.

> IMHO long term keys should not be created directly from a domU, let
> alone a VM; running a "dd if=/dev/random count=16 bs=1" can almost
> hang indefinitely in a domU, or (even worse) output not-so-random
> bits with other kinds of VM subsystems (KVM without virtio-rng
> drivers). On a generic host it should return almost instantly.

If I understand correctly, the only problem for keys generated in a NetBSD domU is performance? If there is not enough randomness, it will just wait?

--
Emmanuel Dreyfus
[email protected]
