On Friday 15 April 2016 09:47:51 Eric Blake wrote: > On 04/15/2016 04:41 AM, Cole Robinson wrote: > > Libvirt currently rejects using host /dev/urandom as an input source > > for a virtio-rng device. The only accepted sources are /dev/random > > and /dev/hwrng. This is the result of discussions on qemu-devel > > around when the feature was first added (2013). Examples: > > > > http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html > > https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#0 > > 0023 > > > > libvirt's rejection of /dev/urandom has generated some complaints > > from users: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1074464 > > * cited: http://www.2uo.de/myths-about-urandom/ > > http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html > > http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html > > > > I think it's worth having another discussion about this, at least > > with a recent argument in one place so we can put it to bed. I'm > > CCing a bunch of people. I think the questions are: > > > > 1) is the original recommendation to never use > > virtio-rng+/dev/urandom correct? > That I'm not sure about - and the answer may be context-dependent (for > example a FIPS user may care more than an ordinary user) /dev/urandom use is FIPS compliant, no FIPS-validated protocol or cryptographic primitive requires the "fresh" entropy provided by /dev/random. All primitives are designed to work with weaker entropy guarantees than what /dev/urandom provides. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list