From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:59136)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TRpwR-0008AF-7p
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 15:51:40 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TRpwQ-0007FF-7N
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 15:51:39 -0400
Received: from mail-ee0-f45.google.com ([74.125.83.45]:50101)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TRpwP-0007El-RD
	for qemu-devel@nongnu.org; Fri, 26 Oct 2012 15:51:38 -0400
Received: by mail-ee0-f45.google.com with SMTP id b47so1328279eek.4
	for <qemu-devel@nongnu.org>; Fri, 26 Oct 2012 12:51:37 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <508AE9A6.4060304@redhat.com>
Date: Fri, 26 Oct 2012 21:51:02 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <604401631.2277495.1351264128301.JavaMail.root@redhat.com>
	<871ugl44v5.fsf@codemonkey.ws> <508AB5C0.2000304@zytor.com>
	<508ADD66.5040909@redhat.com>
	<5ea4bbfb-b761-42ef-93f8-7c91fee0bb30@email.android.com>
In-Reply-To: <5ea4bbfb-b761-42ef-93f8-7c91fee0bb30@email.android.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Amit Shah <amit.shah@redhat.com>, Anthony Liguori <aliguori@us.ibm.com>, Andreas Faerber <afaerber@suse.de>, qemu-devel@nongnu.org

Il 26/10/2012 21:07, H. Peter Anvin ha scritto:
> This is surreal.  Output from /dev/hwrng turns into output for /dev/random... it us guaranteed worse; period, end of story.

Isn't that exactly what happens in bare-metal?  hwrng -> rngd -> random.  Instead here
we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd -> guest random.

The only difference is that you paravirtualize access to the host hwrng to a) distribute
entropy to multiple guests; b) support migration across hosts with different CPUs and
hardware.

> I don't know who the "agreement" is with, but it is ridiculous in this case.

man 4 random:

       While some safety margin above that minimum is reasonable, as a guard against
       flaws  in the CPRNG algorithm, no cryptographic primitive available today can
       hope to promise more than 256 bits of security, so if any program reads  more
       than  256  bits (32 bytes) from the kernel random pool per invocation, or per
       reasonable reseed interval (not less than one minute), that should  be  taken
       as a sign that its cryptography is not skilfully implemented.

Paolo