From: Stephen Hemminger <shemminger@osdl.org>
To: Andi Kleen <ak@suse.de>
Cc: xen-devel@lists.xensource.com, tytso@mit.edu,
Herbert Xu <herbert@gondor.apana.org.au>,
virtualization@lists.osdl.org, netdev@vger.kernel.org,
rdreier@cisco.com, linux-kernel@vger.kernel.org,
chrisw@sous-sol.org, ian.pratt@xensource.com
Subject: Re: [RFC PATCH 34/35] Add the Xen virtual network device driver.
Date: Thu, 11 May 2006 09:18:38 -0700 [thread overview]
Message-ID: <20060511091838.035c387c@localhost.localdomain> (raw)
In-Reply-To: <200605111147.53011.ak@suse.de>
On Thu, 11 May 2006 11:47:52 +0200
Andi Kleen <ak@suse.de> wrote:
> On Thursday 11 May 2006 09:49, Keir Fraser wrote:
> > On 11 May 2006, at 01:33, Herbert Xu wrote:
> > >> But if sampling virtual events for randomness is really unsafe (is it
> > >> really?) then native guests in Xen would also get bad random numbers
> > >> and this would need to be somehow addressed.
> > >
> > > Good point. I wonder what VMWare does in this situation.
> >
> > Well, there's not much they can do except maybe jitter interrupt
> > delivery. I doubt they do that though.
> >
> > The original complaint in our case was that we take entropy from
> > interrupts caused by other local VMs, as well as external sources.
> > There was a feeling that the former was more predictable and could form
> > the basis of an attack. I have to say I'm unconvinced: I don't really
> > see that it's significantly easier to inject precisely-timed interrupts
> > into a local VM. Certainly not to better than +/- a few microseconds.
> > As long as you add cycle-counter info to the entropy pool, the least
> > significant bits of that will always be noise.
>
> I think I agree - e.g. i would expect the virtual interrupts to have
> enough jitter too. Maybe it would be good if someone could
> run a few statistics on the resulting numbers?
>
> Ok the randomness added doesn't consist only of the least significant
> bits. Currently it adds jiffies+full 32bit cycle count. I guess if it was
> a real problem the code could be changed to leave out the jiffies and
> only add maybe a 8 bit word from the low bits. But that would only
> help for the para case because the algorithm for native guests
> cannot be changed.
>
> > 2. An entropy front/back is tricky -- how do we decide how much
> > entropy to pull from domain0? How much should domain0 be prepared to
> > give other domains? How easy is it to DoS domain0 by draining its
> > entropy pool? Yuk.
>
> I claim (without having read any code) that in theory you need to have solved
> that problem already in the vTPM @)
>
The base question under all this is "how good does an entropy source have
to be?" and then "what guarantees do we make about the entropy inputs used
by /dev/random?". If we can resolve those, then the virtual environment
answer should fall out.
This is a area where the security tin-foil hat types take over, and it
gets real hard to make "good enough" argument. People have built an expectation
that /dev/random has really strong entropy, good enough to generate long term
keys etc.
next prev parent reply other threads:[~2006-05-11 16:18 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20060509084945.373541000@sous-sol.org>
2006-05-09 7:00 ` [RFC PATCH 34/35] Add the Xen virtual network device driver Chris Wright
2006-05-09 11:55 ` [Xen-devel] " Herbert Xu
2006-05-09 12:43 ` Christian Limpach
2006-05-09 13:01 ` Herbert Xu
2006-05-09 13:14 ` Andi Kleen
2006-05-09 13:16 ` Christian Limpach
2006-05-09 13:26 ` Herbert Xu
2006-05-09 14:00 ` Christian Limpach
2006-05-09 14:30 ` [Xen-devel] " David Boutcher
2006-05-09 23:35 ` Chris Wright
2006-05-09 11:58 ` Christoph Hellwig
2006-05-09 23:37 ` Chris Wright
2006-05-09 18:56 ` Stephen Hemminger
2006-05-09 23:39 ` Chris Wright
2006-05-09 20:25 ` Stephen Hemminger
2006-05-09 20:26 ` Keir Fraser
2006-05-09 20:46 ` Roland Dreier
2006-05-10 18:28 ` Andi Kleen
2006-05-11 0:33 ` Herbert Xu
2006-05-11 7:49 ` Keir Fraser
2006-05-11 8:04 ` Herbert Xu
2006-05-11 9:47 ` Andi Kleen
2006-05-11 16:18 ` Stephen Hemminger [this message]
2006-05-11 16:48 ` Rick Jones
2006-05-11 17:30 ` Andi Kleen
2006-05-09 20:32 ` Chris Wright
2006-05-09 22:41 ` [Xen-devel] " Herbert Xu
2006-05-09 23:51 ` Chris Wright
2006-05-10 6:36 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060511091838.035c387c@localhost.localdomain \
--to=shemminger@osdl.org \
--cc=ak@suse.de \
--cc=chrisw@sous-sol.org \
--cc=herbert@gondor.apana.org.au \
--cc=ian.pratt@xensource.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rdreier@cisco.com \
--cc=tytso@mit.edu \
--cc=virtualization@lists.osdl.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).