Hi, I'm just wondering: How is the state of the virtio-rng implementation?
I'm asking because I need to regenerate ssh host keys in newly deployed VMs. (I seem to be the only person, or everybody else has found the solution, or nobody thinks about security, or a mixture of the above?)

Additionally, I found no real guidance on how many entropy bits should be available to generate a secure key inside a VM, besides these numbers: http://www.ietf.org/rfc/rfc1750.txt suggests about 128 bits of entropy for a single cryptographic operation. Various other sources mention ranges between 100-200 or even at least 4096 entropy bits.

Would it be a workaround to add a virtual sound device and use this one for /dev/random? (But it would be useless if you have no real sound hardware, I guess.)

Additionally, when you want to regenerate host keys in e.g. Ubuntu, 3 keys get generated, so you need even more entropy to be on the safe side.

If you got any links to best practices or some good news regarding the state of virtio-rng, that would be awesome.

Currently my VMs have around 130-160 entropy bits available.

--
Regards

Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing director: Robert Meyer
Tax no.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
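
The check this question turns on, as an added example that is not part of the original message: read the kernel's entropy estimate and see whether a virtio-rng device is the active hardware RNG before regenerating host keys. The 128-bit default is the RFC 1750 figure quoted in the post, used here as an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before regenerating SSH host keys in a VM.
# Paths are the standard Linux procfs/sysfs locations; they can be overridden
# so the functions can be exercised against constructed files.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
RNG_CURRENT_FILE="${RNG_CURRENT_FILE:-/sys/class/misc/hw_random/rng_current}"

# Print the kernel's current entropy estimate in bits; fail if unreadable
# or if the file does not contain a plain non-negative integer.
entropy_bits() {
    [ -r "$ENTROPY_FILE" ] || return 1
    bits=$(cat "$ENTROPY_FILE") || return 1
    case "$bits" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$bits"
}

# Succeed only if the active hardware RNG is a virtio-rng device
# (the guest kernel reports it with a name starting "virtio_rng").
has_virtio_rng() {
    [ -r "$RNG_CURRENT_FILE" ] || return 1
    case "$(cat "$RNG_CURRENT_FILE")" in
        virtio_rng*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight [MIN_BITS]: print a one-word verdict.
# Returns 0 when the estimate meets MIN_BITS (default 128, an assumption),
# 1 when it is below, 2 when the estimate cannot be read.
preflight() {
    min_bits="${1:-128}"
    bits=$(entropy_bits) || { echo "unknown"; return 2; }
    if [ "$bits" -lt "$min_bits" ]; then
        echo "low"; return 1
    fi
    if has_virtio_rng; then echo "ok-virtio"; else echo "ok-no-virtio"; fi
    return 0
}

# Example use in a first-boot step (hypothetical):
#   preflight 128 >/dev/null && ssh-keygen -A
```

A verdict of `ok-no-virtio` means the estimate was met without a host-backed RNG, so the pool is being filled only from the guest's own event sources.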