From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephan Seitz
Subject: dom0 and domU /dev/urandom generating too less entropy
Date: Wed, 10 Oct 2007 22:00:10 +0200
Message-ID: <470D2F4A.8070000@netz-haut.de>
To: XEN User - listmembers, XEN Devel - listmembers
List-Id: xen-devel@lists.xenproject.org

Hi there,

I've recently seen problems after migrating physical servers into
paravirtualized domUs. The migrated systems vary from Debian woody, sarge,
Ubuntu >=breezy, each system with its own but manageable problems.

One thing in common is: /dev/urandom generates too little entropy for e.g.
ssh-keygen. In the last few days, I even found sshd itself dying from too
little entropy:

sshd[26134]: fatal: Couldn't obtain random bytes (error 604389476)

We're using our own build derived from the 3.1.0 tarball, but without any
substantial changes to the code: The currently used kernel has been heavily
patched, but this issue doesn't seem to be kernel-specific. We tried the
2.6.18 (xensource 3.1.0) as well as different distro kernels.

host                   :
release                : 2.6.20-100-server
version                : #2 SMP Sat Jun 2 12:18:40 UTC 2007
machine                : i686
nr_cpus                : 4
nr_nodes               : 1
sockets_per_node       : 1
cores_per_socket       : 4
threads_per_core       : 1
cpu_mhz                : 2394
hw_caps                : bfebfbff:20100000:00000000:00000140:0000e3bd:00000000:00000001
total_memory           : 8190
free_memory            : 1
xen_major              : 3
xen_minor              : 1
xen_extra              : .0
xen_caps               : xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p
xen_scheduler          : credit
xen_pagesize           : 4096
platform_params        : virt_start=0xf5800000
xen_changeset          : unavailable
cc_compiler            : gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)
cc_compile_by          : root
cc_compile_domain      : halo.local
cc_compile_date        : Wed May 23 02:33:53 CEST 2007
xend_config_format     : 4

Do you know about a workaround, or maybe the possibility for another
(xen-specific) RNG besides /dev/urandom?

Thanks in advance!

-- 
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: www.netz-haut.de

registriergericht: amtsgericht würzburg, hra 5054