From: Hubert Kario
Date: Fri, 15 Apr 2016 18:10:44 +0200
Message-ID: <1627731.Y10g9rcVyf@pintsize.usersys.redhat.com>
In-Reply-To: <57110D27.6080805@redhat.com>
References: <5710C55E.3030000@redhat.com> <57110D27.6080805@redhat.com>
Subject: Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
To: Eric Blake
Cc: Cole Robinson, libvirt-list@redhat.com, qemu-devel, "Richard W.M. Jones", "Daniel P. Berrange", Peter Krempa, Amit Shah, mik@miknet.net, jjaburek@redhat.com, sgrubb@redhat.com, hpa@zytor.com, Paolo Bonzini

On Friday 15 April 2016 09:47:51 Eric Blake wrote:
> On 04/15/2016 04:41 AM, Cole Robinson wrote:
> > Libvirt currently rejects using host /dev/urandom as an input source
> > for a virtio-rng device. The only accepted sources are /dev/random
> > and /dev/hwrng. This is the result of discussions on qemu-devel
> > around when the feature was first added (2013). Examples:
> >
> > http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html
> > https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023
> >
> > libvirt's rejection of /dev/urandom has generated some complaints
> > from users:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1074464
> > * cited: http://www.2uo.de/myths-about-urandom/
> > http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html
> > http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html
> >
> > I think it's worth having another discussion about this, at least
> > with a recent argument in one place so we can put it to bed. I'm
> > CCing a bunch of people. I think the questions are:
> >
> > 1) is the original recommendation to never use
> > virtio-rng+/dev/urandom correct?
>
> That I'm not sure about - and the answer may be context-dependent (for
> example a FIPS user may care more than an ordinary user)

/dev/urandom use is FIPS compliant, no FIPS-validated protocol or
cryptographic primitive requires the "fresh" entropy provided by
/dev/random. All primitives are designed to work with weaker entropy
guarantees than what /dev/urandom provides.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic