From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:58827)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1TSilH-0004ni-AO
	for qemu-devel@nongnu.org; Mon, 29 Oct 2012 02:23:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1TSilG-0006Vq-2O
	for qemu-devel@nongnu.org; Mon, 29 Oct 2012 02:23:47 -0400
Received: from mx1.redhat.com ([209.132.183.28]:44497)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <amit.shah@redhat.com>) id 1TSilF-0006U7-Q6
	for qemu-devel@nongnu.org; Mon, 29 Oct 2012 02:23:45 -0400
Date: Mon, 29 Oct 2012 11:53:35 +0530
From: Amit Shah <amit.shah@redhat.com>
Message-ID: <20121029062308.GA3564@amit.redhat.com>
References: <604401631.2277495.1351264128301.JavaMail.root@redhat.com>
	<871ugl44v5.fsf@codemonkey.ws> <508AB5C0.2000304@zytor.com>
	<87r4ol2it5.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87r4ol2it5.fsf@codemonkey.ws>
Subject: Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: Ted Ts'o <tytso@mit.edu>, Dustin Kirkland <kirkland@canonical.com>, qemu-devel@nongnu.org, George Wilson <gcwilson@us.ibm.com>, "H. Peter Anvin" <hpa@zytor.com>, Paolo Bonzini <pbonzini@redhat.com>, Kent Yoder <key@linux.vnet.ibm.com>, Andreas Faerber <afaerber@suse.de>

On (Fri) 26 Oct 2012 [13:24:06], Anthony Liguori wrote:
> "H. Peter Anvin" <hpa@zytor.com> writes:
> 
> > On 10/26/2012 08:42 AM, Anthony Liguori wrote:
> >>>
> >>> Is /dev/random even appropriate to feed rngd?
> >>>
> >>> rngd needs _a lot_ of entropy to even start working.  Its randomness
> >>> test works in groups of 20000 bits. On a system without an hardware
> >>> RNG, /dev/random can hardly produce 4000 bits/minute.  This means a
> >>> guest will not get any entropy boost for 5 minutes after it's started,
> >>> even if we allow it to exhaust the parent's entropy.
> >>
> >> I don't know, but rng-random is a non-blocking backend so it can handle
> >> /dev/random, /dev/urandom, or /dev/hwrng.
> >>
> >
> > /dev/urandom is just plain *wrong*... it is feeding a PRNG into a PRNG 
> > which can best be described as "masturbation" and at worst as a 
> > "cryptographic usage violation."
> 
> I don't understand your logic here.
> 
> From the discussions I've had, the quality of the randomness from a
> *well seeded* PRNG ought to be good enough to act as an entropy source
> within the guest.
> 
> What qualifies as well seeded is a bit difficult to pin down with more
> specificity than "kilobytes of data".
> 
> I stayed away from /dev/urandom primarily because it's impossible to
> determine if it's well seeded or not making urandom dangerous to use.
> 
> But using a PRNG makes sense to me when dealing with multiple guests.
> If you have a finite source of entropy in the host, using a PRNG to
> create unique entropy for each guest is certainly better than
> duplicating entropy.

One solution could be to feed host's /dev/urandom to readers of
guests' /dev/urandom.  We could then pass the rare true entropy bits
from host's /dev/hwrng or /dev/random to the guest via
virtio-rng-pci's /dev/hwrng interface in the guest.

If this is a valid idea (host /dev/urandom goes directly to guest's
/dev/urandom), we would need some guest-side surgery, but it shouldn't
be huge work, and would remove several bottlenecks.

Is this a very crazy idea?


		Amit