Paolo Bonzini <pbonz...@redhat.com> wrote:
>On 26/10/2012 21:07, H. Peter Anvin wrote:
>> This is surreal. Output from /dev/hwrng turns into output for /dev/random... it is guaranteed worse; period, end of story.
>
>Isn't that exactly what happens in bare-metal? hwrng -> rngd -> random. Instead here we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd -> guest random.
>
>The only difference is that you paravirtualize access to the host hwrng to a) distribute entropy to multiple guests; b) support migration across hosts with different CPUs and hardware.
>
>> I don't know who the "agreement" is with, but it is ridiculous in this case.
>
>man 4 random:
>
>While some safety margin above that minimum is reasonable, as a guard against flaws in the CPRNG algorithm, no cryptographic primitive available today can hope to promise more than 256 bits of security, so if any program reads more than 256 bits (32 bytes) from the kernel random pool per invocation, or per reasonable reseed interval (not less than one minute), that should be taken as a sign that its cryptography is not skilfully implemented.
>
>Paolo

That statement is pretty toxic... I wonder where it came from. It is at best horribly misleading and actively encourages dangerous behaviours even for the cases where it isn't actively wrong.

-- Sent from my mobile phone. Please excuse brevity and lack of formatting.