Re: Malicious guests and entropy pool access risks

On 29.09.2016 22:43, bancfc@xxxxxxxxxxxxxxx wrote:
> Hello. While I've been enabling virtio-rng since it became available I
> recently understood that without restrictions a malicious guest can
> potentially starve other VMs' entropy by overusing /dev/random so I set
> the rate limit.
> 
> Another question comes to mind. Does the way virtio-rng works pose a
> security risk? - does it allow the guest to spy on the host's entropy
> pool? (If so I'll have to disable it for untrusted VMs immediately)
> 

Well, is it possible, from say X bytes of /dev/random, to predict the X+1 byte?
If yes, then this is a security risk. If no, then you should be safe.
But I'm no security expert.

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
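
An added example, not part of the thread or of libvirt's own code: the rate limit mentioned in the quoted message is set with the `<rate>` element inside a domain's `<rng>` device, and this Python check flags virtio-rng devices in a domain definition that lack one. The sample XML, the function name `audit_rng` and the `max_bytes_per_sec` threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread): the first rng device
# has no <rate> element, the second is limited to 1024 bytes per 2000 ms.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>untrusted-guest</name>
  <devices>
    <rng model='virtio'>
      <backend model='random'>/dev/random</backend>
    </rng>
    <rng model='virtio'>
      <rate bytes='1024' period='2000'/>
      <backend model='random'>/dev/random</backend>
    </rng>
  </devices>
</domain>
"""

def audit_rng(domain_xml, max_bytes_per_sec=1024):
    """Return one finding per <rng> device; the threshold is an assumed policy value."""
    root = ET.fromstring(domain_xml)
    findings = []
    for index, rng in enumerate(root.findall("./devices/rng")):
        backend = rng.find("backend")
        rate = rng.find("rate")
        bps = None
        if rate is None:
            status = "UNLIMITED"  # guest may drain the host source as fast as it can
        else:
            # libvirt: 'bytes' is mandatory, 'period' is in ms and defaults to 1000
            period_ms = int(rate.get("period", "1000"))
            if period_ms <= 0 or rate.get("bytes") is None:
                status = "INVALID_RATE"
            else:
                bps = int(rate.get("bytes")) * 1000 / period_ms
                status = "OK" if bps <= max_bytes_per_sec else "ABOVE_THRESHOLD"
        findings.append({
            "index": index,
            "model": rng.get("model"),
            "backend": backend.text.strip() if backend is not None and backend.text else None,
            "bytes_per_sec": bps,
            "status": status,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_rng(SAMPLE_DOMAIN):
        print(finding)
```
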


