From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37268)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hkario@redhat.com>) id 1as71w-0000YO-NL
	for qemu-devel@nongnu.org; Mon, 18 Apr 2016 07:07:49 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <hkario@redhat.com>) id 1as71q-0000T8-Pd
	for qemu-devel@nongnu.org; Mon, 18 Apr 2016 07:07:48 -0400
Received: from mx1.redhat.com ([209.132.183.28]:54806)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hkario@redhat.com>) id 1as71q-0000T2-Kj
	for qemu-devel@nongnu.org; Mon, 18 Apr 2016 07:07:42 -0400
From: Hubert Kario <hkario@redhat.com>
Date: Mon, 18 Apr 2016 13:07:40 +0200
Message-ID: <3348132.1ImxLpUXPh@pintsize.usersys.redhat.com>
In-Reply-To: <6E36730D-333B-43BF-AE40-9F2975D5E116@zytor.com>
References: <5710C55E.3030000@redhat.com> <20160418092842.GB19600@redhat.com>
	<6E36730D-333B-43BF-AE40-9F2975D5E116@zytor.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart4418763.3BEUWPigvx";
	micalg="pgp-sha512"; protocol="application/pgp-signature"
Subject: Re: [Qemu-devel] RFC: virtio-rng and /dev/urandom
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>, Cole Robinson <crobinso@redhat.com>, libvirt-list@redhat.com, qemu-devel <qemu-devel@nongnu.org>, "Richard W.M. Jones" <rjones@redhat.com>, Peter Krempa <pkrempa@redhat.com>, Amit Shah <amit.shah@redhat.com>, mik@miknet.net, jjaburek@redhat.com, sgrubb@redhat.com, Paolo Bonzini <pbonzini@redhat.com>, Eric Blake <eblake@redhat.com>

--nextPart4418763.3BEUWPigvx
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

On Monday 18 April 2016 02:46:19 H. Peter Anvin wrote:
> Another thing that really needs to be addressed, but is a separate
> issue: invalidating and reseeding the entropy pool after a snapshot
> event.

definitely agreed

though just reseeding would be sufficient - the goal is to make the=20
output unpredictable and unique between multiple machines starting from=
=20
the same snapshot, feeding enough random data to make the entropy pool=20=

unique again is sufficient to achieve that
=2D-=20
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky=C5=88ova 99/71, 612 45, Brno, Czech Republi=
c
--nextPart4418763.3BEUWPigvx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCgAGBQJXFL/8AAoJEJKo0bgB0vX143IQAJ1H/uWRvzqFEyjkeO/9igR+
vD0MP/PlOnhoNqXeQHOOMsASSjQb5QPwH0uAjoiIQ7EgG+xGK7caXpFV5JsftIU+
+D7pyJ1h18jP+cpCuV+ffIYMzOBqR+9s2+/PxsU+KQdu58x2DitmtdQxIFym54th
2e3JIsxoKewqrBYF1N2vmpMVM1/w8WwYNR305BXIgiMaR+ZZAkC158CiFeuVxQI3
bRR0OjloWXLKr/ad7SxM3Kt7P78hgtbQroSD9WuBg9+Z+gu4cFsB8hoNPvvpPScH
NQ1cVfJ+6kWTku+3ocGzqrKZO1kMLztqIlK1Ug5eKr1OrOHknWycekzHYljfFq7A
CnNPvl6bgXlIFh0jYFTAAfvvawyJnioP6DQsi0ryONZFSDYsXkj81NIyAG+RNklx
obMWNjioEldJO2nOzx9r6Tiewhg0a7iq5SWC2Ios1UxEnaicyDJ/pLUWl/oe605b
zL41YIk1RsWZdTolFuZ7UMefB7JuDC8jOIBCPRI2oWUvqOCMhsHMN2+OE4QwQOLp
xUk8atsXSe2pGgH2bZJcKyxYWPxfiH3sg9NtwWJntXwyZ34UsMYqsy4vUZqZpYuA
bJv5Whnbst9GiiK/y1WeriJtipTZgd5VzPJbrW5h5cyfV7BiegAnZNsC/WOhcMpB
q8ieKU+UdkimytOMXPWD
=mrbP
-----END PGP SIGNATURE-----

--nextPart4418763.3BEUWPigvx--