[libvirt] RFC: virtio-rng and /dev/urandom
H. Peter Anvin
hpa at zytor.com
Sat Apr 16 00:46:55 UTC 2016
On April 15, 2016 9:10:44 AM PDT, Hubert Kario <hkario at redhat.com> wrote:
>On Friday 15 April 2016 09:47:51 Eric Blake wrote:
>> On 04/15/2016 04:41 AM, Cole Robinson wrote:
>> > Libvirt currently rejects using host /dev/urandom as an input
>source
>> > for a virtio-rng device. The only accepted sources are /dev/random
>> > and /dev/hwrng. This is the result of discussions on qemu-devel
>> > around when the feature was first added (2013). Examples:
>> >
>> > http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html
>> >
>https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#0
>> > 0023
>> >
>> > libvirt's rejection of /dev/urandom has generated some complaints
>> > from users:
>> >
>> > https://bugzilla.redhat.com/show_bug.cgi?id=1074464
>> > * cited: http://www.2uo.de/myths-about-urandom/
>> > http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html
>> > http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html
>> >
>> > I think it's worth having another discussion about this, at least
>> > with a recent argument in one place so we can put it to bed. I'm
>> > CCing a bunch of people. I think the questions are:
>> >
>> > 1) is the original recommendation to never use
>> > virtio-rng+/dev/urandom correct?
>> That I'm not sure about - and the answer may be context-dependent
>(for
>> example a FIPS user may care more than an ordinary user)
>
>/dev/urandom use is FIPS compliant, no FIPS-validated protocol or
>cryptographic primitive requires the "fresh" entropy provided by
>/dev/random. All primitives are designed to work with weaker entropy
>guarantees than what /dev/urandom provides.
That's not the point. The point is that it is a complete waste of resources when the PRNG can simply be run in the guest
--
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.
More information about the libvir-list
mailing list