Rusty Russell wrote: >> Uhm, no. It's not. Unless the host provides actual entropy >> information, you have a security hole. > > Huh? We just can't assume it adds entropy. AFAICT rngd -H0 is what we want > here. We can, if it comes from /dev/random. >>> If we use /dev/random in the host, we risk a DoS. But since /dev/random >>> is 0666 on my system, perhaps noone actually cares? >> There is no point in feeding the host /dev/urandom to the guest (except >> for seeding, which can be handled through other means); it will do its >> own mixing anyway. > > Seeding is good, but unlikely to be done properly for first boot of some > standard virtualized container. In practice, feeding /dev/urandom from the > host will make /dev/urandom harder to predict in the guest. Only up to a point. >> The reason to provide anything at all from the host >> is to give it "golden" entropy bits. > > But you did not address the DoS question: can we ignore it? Or are we trading > off a DoS in the host against a potential security weakness in the guest? > > If so, how do we resolve it? I don't think you have a DoS situation at all. The worst thing is that you don't have any entropy available at all, at which point /dev/urandom is as insecure as it ever is. -hpa _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/virtualization
