From: Amit Shah <amit.shah@redhat.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: qemu list <qemu-devel@nongnu.org>,
Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] [PATCH v3 0/1] virtio-rng: hardware random number generator
Date: Mon, 17 Sep 2012 08:51:31 +0530 [thread overview]
Message-ID: <20120917032131.GB22729@amit.redhat.com> (raw)
In-Reply-To: <505639C6.2050704@zytor.com>
On (Sun) 16 Sep 2012 [13:42:46], H. Peter Anvin wrote:
> On 06/19/2012 11:59 PM, Amit Shah wrote:
> >Hello,
> >
> >Here's the 3rd iteration of the virtio-rng device. This update just
> >rebases the patch on top of current master.
> >
> >Details on the patch in the commit message.
> >
>
> Hi everyone...
>
> I just stumbled on this patchset after realizing that the virtio-rng
> support still is not even in the Qemu git tree even though the
> kernel side has been there for four years(!)
>
> It seems this support has been stuck in "overengineering hell" for
> years. I have to admit to having a bit of a confusion about what is
> so hard about reading from a file descriptor, which may return
> partial reads. I understand the fairness argument, but I would
> argue that if it is an actual problem should be solved in the kernel
> and therefore benefit all types of applications rather than at the
> application level (which Qemu, effectively, is.)
>
> However, one key error I spotted was using /dev/urandom. Using
> /dev/urandom is a very serious cryptographic error, as well as
> completely pointless.
>
> The whole point of this is to provided distilled entropy to the
> guest, so that it can seed true entropy into *its* entropy pool. As
> such, using /dev/urandom is:
>
> a) needlessly slow. It will churn the host kernel PRNG needlessly,
> and not provide any backpressure when the host pool is already
> drained. Using /dev/random instead will indicate that the host
> pool is drained, and not pass a bunch of PRNG noise across an
> expensive channel when the PRNG in the *guest* could do the PRNG
> expansion just as well.
>
> b) cryptographically incorrect. This will tell the guest that it
> is being provided with entropy that it doesn't actually have, which
> will mean the guest severely overestimates the entropy that it has
> available to it. To put it differently: /dev/random in the guest
> will behave like (a very expensive version of) /dev/urandom from
> a cryptographic point of view.
>
> The right interface to the host kernel, therefore, is /dev/random.
Agreed with your points -- /dev/random on the host itself could be fed
in via a real hwrng. Also, for the fairness arguments, several guests
doing IO also contribute to the random pool.
The ideal interface, though, in qemu should be sourcing entropy from
a file descriptor, and the admin chooses what he wants to source
entropy from - /dev/random, /dev/urandom, or even /dev/hwrng.
Amit
next prev parent reply other threads:[~2012-09-17 3:21 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-20 6:59 [Qemu-devel] [PATCH v3 0/1] virtio-rng: hardware random number generator Amit Shah
2012-06-20 6:59 ` [Qemu-devel] [PATCH v3 1/1] virtio-rng: hardware random number generator device Amit Shah
2012-06-20 8:36 ` Daniel P. Berrange
2012-06-20 21:29 ` Anthony Liguori
2012-06-22 11:06 ` Amit Shah
2012-07-02 17:56 ` Stefan Berger
2012-06-22 12:12 ` Markus Armbruster
2012-06-22 12:22 ` Anthony Liguori
2012-06-22 12:31 ` Daniel P. Berrange
2012-06-22 12:58 ` Anthony Liguori
2012-06-22 13:34 ` Daniel P. Berrange
2012-06-22 13:44 ` Anthony Liguori
2012-06-22 18:50 ` Amit Shah
2012-06-22 19:59 ` Anthony Liguori
2012-09-16 20:42 ` [Qemu-devel] [PATCH v3 0/1] virtio-rng: hardware random number generator H. Peter Anvin
2012-09-16 23:23 ` Anthony Liguori
2012-09-16 23:36 ` H. Peter Anvin
2012-09-17 3:21 ` Amit Shah [this message]
2012-09-17 4:27 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120917032131.GB22729@amit.redhat.com \
--to=amit.shah@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=hpa@zytor.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).