Answering myself, it seems virtio-rng will be in 3.4: https://bugzilla.redhat.com/show_bug.cgi?id=977079
But I don't find it in the planning: https://docs.google.com/spreadsheet/ccc?key=0AuAtmJW_VMCRdHJ6N1M3d1F1UTJTS1dSMnZwMF9XWVE&usp=sharing#gid=0

Nevertheless it would be cool if someone could give some advice on how to handle entropy until 3.4 gets released (and I have time to upgrade).

On 13.12.2013 09:09, Sven Kieske wrote:
> Hi,
>
> I'm just wondering: How is the state
> of the virtio-rng implementation?
>
> I'm asking because I need to regenerate
> ssh host keys in newly deployed vms.
>
> (I seem to be the only person, or everybody
> else has found the solution, or nobody thinks
> about security, or a mixture of the above?)
>
> Additionally, I found no real guidance
> on how many entropy bits should be
> available to generate a secure key
> inside a vm, besides these numbers:
>
> http://www.ietf.org/rfc/rfc1750.txt
> suggests about 128 bits of entropy
> for a single cryptographic operation.
>
> various other sources mention ranges
> between 100-200 or even at least 4096
> entropy bits.
>
> Would it be a workaround to add a virtual
> sound device and use this one for /dev/random ?
> (But it would be useless if you have no real sound hardware I guess).
>
> Additionally, when you want to regenerate host keys in e.g. Ubuntu
> 3 keys get generated so you need even more entropy to be on the
> safe side.
>
> If you got any links to best practices or some
> good news regarding the state of virtio-rng that would be awesome.
>
> Currently my vms have around 130-160 entropy bits available.
>

--
Kind regards

Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG
https://www.mittwald.de