[cryptography] [liberationtech] Random number generator, failure in Rasperri Pis?

Yaron Sheffer yaronf at porticor.com
Sat Jul 20 01:35:08 EDT 2013


A few months ago I posted a query [1] to the Amazon Web Services (the largest public cloud, running on Xen) forum on whether they're using libvirt for this purpose, and it was never answered. Does anybody around here have a clue?

Thanks,
	Yaron

[1]https://forums.aws.amazon.com/thread.jspa?messageID=415243

---

Hypervisors like KVM can expose random number generator devices to guests:
http://libvirt.org/formatdomain.html#elementsRng

Funny, because I just noticed KVM's default is /dev/random. If that's
the case, I think a guest could exhaust the entropy pool, cause
/dev/random to block, and stall any other VMs using it. I'll need to
try that out.

Regarding VM adoption, I've seen analyst estimates that say 50% of
workloads are currently virtualized. I can't provide a link because
they're in a paywalled report.

On Fri, Jul 19, 2013 at 3:26 PM, Nico Williams <nico at cryptonector.com  <http://lists.randombit.net/mailman/listinfo/cryptography>> wrote:
>/  The rpi's HW RNG is almost certainly better than many /dev/*random
/>/  implementations running as VM guests.  How much real business is
/>/  getting transacted on VMs nowadays?  Probably a lot.
/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130720/a3295a3d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4462 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130720/a3295a3d/attachment.p7s>


More information about the cryptography mailing list