From: "Ted Ts'o" <tytso@mit.edu>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: Re: random(4) driver questions
Date: Mon, 27 Jun 2011 10:54:42 -0400 [thread overview]
Message-ID: <20110627145442.GA2729@thunk.org> (raw)
In-Reply-To: <BANLkTinC7vfaRWf5TK9gJuQVtVwDkEQFcQ@mail.gmail.com>
On Sat, Jun 25, 2011 at 01:51:07PM +0800, Sandy Harris wrote:
> There was a paper some time back by a group of Israeli researchers
> and looking at the Linux /dev/random driver, and claiming to find
> it wanting in several ways. www.pinkas.net/PAPERS/gpr06.pdf
>
> To what extent have their objections been dealt with. If some
> were considered bogus, is there documentation somewhere
> explaining why?
Suffice it to say the random generator has changed significantly since
2006. There is now a secondary pool, which uses catastrophic
reseeding, etc.
> One problem they pointed out is that there may be little
> entropy available on a Linux-based router; no keyboard or
> mouse, solid state storage so no disk entropy, and an
> enemy might observe network activity, so network
> interrupts give little or no useful entropy.
Sure, but a Linux-based router shouldn't be doing crypto work. If it
*is* and it is important crypto work, then it needs a hardware random
number generator. There's no magic here.
If you don't want to pay the cost of a random number generator, you
can do things such as at installation time, bootstrapping the random
number generator with some cryptographically secure randomness
available by the installation system.
> The only in-kernel solution I can think of would be
> to add something in the system call interface to
> make very system call throw timing information
> into the pool. I very much doubt, though, that that
> is a good idea. What do others think, and does
> anyone have a better idea?
It won't hurt (aside from wasting CPU time, assuming you don't add any
entropy credits), but won't necessarily help, either.
> What happens to /dev/random when it runs on
> a virtual machine and all the things it relies on
> for entropy get virtualised away?
>
> The server that the VM is hosted on will usually
> have plenty of entropy, often a hardware RNG.
> Is there an interface that makes that visible
> from the VM? Perhaps a virtual "hardware"
> RNG driven by /dev/urandom on the host?
Yes, paravirtualizing the random number generator would be a big help.
Probably what I would do is to periodically add entropy from the host
OS to the guest OS, via some paravirt channel. This would add a new
"catastrophic reseeding", and if the virtual guest can mix in some
other unknown material, again that can only help.
- Ted
next prev parent reply other threads:[~2011-06-27 14:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-25 5:51 random(4) driver questions Sandy Harris
2011-06-25 12:53 ` Alexander Clouter
2011-06-27 14:54 ` Ted Ts'o [this message]
2011-06-27 15:08 ` Sasha Levin
2011-06-28 4:44 ` Johann Meier
2011-06-28 5:47 ` Sandy Harris
2011-06-28 19:44 ` Henrique de Moraes Holschuh
2011-06-28 6:02 ` Sandy Harris
2011-06-28 14:42 ` Ted Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110627145442.GA2729@thunk.org \
--to=tytso@mit.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=sandyinchina@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.