From: "Richard W.M. Jones" <rjones@redhat.com>
To: Cole Robinson <crobinso@redhat.com>, sgrubb@redhat.com
Cc: Peter Krempa <pkrempa@redhat.com>,
mik@miknet.net, libvirt-list@redhat.com,
qemu-devel <qemu-devel@nongnu.org>,
Paolo Bonzini <pbonzini@redhat.com>,
hkario@redhat.com, hpa@zytor.com,
Amit Shah <amit.shah@redhat.com>,
jjaburek@redhat.com
Subject: Re: [Qemu-devel] [libvirt] RFC: virtio-rng and /dev/urandom
Date: Fri, 15 Apr 2016 12:54:56 +0100
Message-ID: <20160415115456.GF4810@redhat.com>
In-Reply-To: <20160415114646.GY11600@redhat.com>

On Fri, Apr 15, 2016 at 12:46:46PM +0100, Richard W.M. Jones wrote:
> On Fri, Apr 15, 2016 at 06:41:34AM -0400, Cole Robinson wrote:
> > Libvirt currently rejects using host /dev/urandom as an input source for a
> > virtio-rng device. The only accepted sources are /dev/random and /dev/hwrng.
> > This is the result of discussions on qemu-devel around when the feature was
> > first added (2013). Examples:
> >
> > http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html
> > https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023
> >
> > libvirt's rejection of /dev/urandom has generated some complaints from users:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1074464
> > * cited: http://www.2uo.de/myths-about-urandom/
> > http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html
> > http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html
> >
> > I think it's worth having another discussion about this, at least with a
> > recent argument in one place so we can put it to bed. I'm CCing a bunch of
> > people. I think the questions are:
> >
> > 1) is the original recommendation to never use virtio-rng+/dev/urandom correct?
> >
> > 2) regardless of #1, should we continue to reject that config in libvirt?
>
> There was a lot of internal-to-Red Hat discussion on this which I
> can't reproduce here unfortunately. However the crux of it was that
> it's quite safe to read enormous amounts from /dev/urandom, even
> without adding any entropy at all, and use those numbers for
> cryptographic purposes.

I should clarify I mean: *after* the pool has been initialized with
sufficient entropy in the first place (which happens very early in
boot), you can then read almost indefinitely.

Rich.

> Steve: can we disclose the research that was done into this? If so
> can you summarise the results for us?
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-p2v converts physical machines to virtual machines. Boot with a
> live CD or over the network (PXE) and turn machines into KVM guests.
> http://libguestfs.org/virt-v2v
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
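
Added example, not part of the original message and not libvirt or QEMU code: a C program that enforces the precondition stated above, using getrandom(2) with GRND_NONBLOCK to confirm the kernel pool has been initialized before reading from /dev/urandom. The helper names `pool_initialized` and `read_urandom_when_ready` are hypothetical, and it assumes Linux 3.17 or later with kernel headers installed.

```c
/* Added example: helper names are hypothetical; assumes Linux >= 3.17. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <linux/random.h>   /* GRND_NONBLOCK */
#include <sys/syscall.h>    /* SYS_getrandom */
#include <sys/types.h>
#include <unistd.h>

/* 1 = pool initialized, 0 = not yet (EAGAIN), -1 = cannot tell. */
int pool_initialized(void)
{
    unsigned char b;
    long r = syscall(SYS_getrandom, &b, sizeof b, GRND_NONBLOCK);
    if (r == (long)sizeof b) return 1;
    return (r < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Fill buf from /dev/urandom, but only once the pool is initialized.
 * Returns 0 on success, -1 if the pool is not ready or the read fails. */
int read_urandom_when_ready(unsigned char *buf, size_t len)
{
    if (pool_initialized() != 1) return -1;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;    /* interrupted, retry */
        if (n <= 0) { close(fd); return -1; }     /* error or unexpected EOF */
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int rc = read_urandom_when_ready(key, sizeof key);
    puts(rc == 0 ? "pool initialized, read 32 bytes from /dev/urandom"
                 : "pool not initialized or read failed");
    return rc == 0 ? 0 : 1;
}
```
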