From: "Ted Ts'o" <tytso@mit.edu>
To: Sandy Harris <sandyinchina@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Subject: Re: random(4) driver questions
Date: Mon, 27 Jun 2011 10:54:42 -0400 [thread overview]
Message-ID: <20110627145442.GA2729@thunk.org> (raw)
In-Reply-To: <BANLkTinC7vfaRWf5TK9gJuQVtVwDkEQFcQ@mail.gmail.com>
On Sat, Jun 25, 2011 at 01:51:07PM +0800, Sandy Harris wrote:
> There was a paper some time back by a group of Israeli researchers
> and looking at the Linux /dev/random driver, and claiming to find
> it wanting in several ways. www.pinkas.net/PAPERS/gpr06.pdf
>
> To what extent have their objections been dealt with. If some
> were considered bogus, is there documentation somewhere
> explaining why?
Suffice it to say the random generator has changed significantly since
2006. There is now a secondary pool, which uses catastrophic
reseeding, etc.
> One problem they pointed out is that there may be little
> entropy available on a Linux-based router; no keyboard or
> mouse, solid state storage so no disk entropy, and an
> enemy might observe network activity, so network
> interrupts give little or no useful entropy.
Sure, but a Linux-based router shouldn't be doing crypto work. If it
*is* and it is important crypto work, then it needs a hardware random
number generator. There's no magic here.
If you don't want to pay the cost of a random number generator, you
can do things such as at installation time, bootstrapping the random
number generator with some cryptographically secure randomness
available by the installation system.
> The only in-kernel solution I can think of would be
> to add something in the system call interface to
> make very system call throw timing information
> into the pool. I very much doubt, though, that that
> is a good idea. What do others think, and does
> anyone have a better idea?
It won't hurt (aside from wasting CPU time, assuming you don't add any
entropy credits), but won't necessarily help, either.
> What happens to /dev/random when it runs on
> a virtual machine and all the things it relies on
> for entropy get virtualised away?
>
> The server that the VM is hosted on will usually
> have plenty of entropy, often a hardware RNG.
> Is there an interface that makes that visible
> from the VM? Perhaps a virtual "hardware"
> RNG driven by /dev/urandom on the host?
Yes, paravirtualizing the random number generator would be a big help.
Probably what I would do is to periodically add entropy from the host
OS to the guest OS, via some paravirt channel. This would add a new
"catastrophic reseeding", and if the virtual guest can mix in some
other unknown material, again that can only help.
- Ted
next prev parent reply other threads:[~2011-06-27 14:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-25 5:51 random(4) driver questions Sandy Harris
2011-06-25 12:53 ` Alexander Clouter
2011-06-27 14:54 ` Ted Ts'o [this message]
2011-06-27 15:08 ` Sasha Levin
2011-06-28 4:44 ` Johann Meier
2011-06-28 5:47 ` Sandy Harris
2011-06-28 19:44 ` Henrique de Moraes Holschuh
2011-06-28 6:02 ` Sandy Harris
2011-06-28 14:42 ` Ted Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110627145442.GA2729@thunk.org \
--to=tytso@mit.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=sandyinchina@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox