xen-devel.lists.xenproject.org archive mirror
From: Sarah Newman <srn@prgmr.com>
To: Andy Smith <andy@strugglers.net>, Steven Haigh <netwiz@crc.id.au>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: PV random device
Date: Tue, 6 Oct 2015 00:40:41 -0700
Message-ID: <56137AF9.2010107@prgmr.com>
In-Reply-To: <20151006051809.GK4243@bitfolk.com>

On 10/05/2015 10:18 PM, Andy Smith wrote:

> But again as I say, that article I posted earlier contains a bunch
> of smart crypto people saying that all of this is unnecessary. So
> should we be enabling it?

Even if only urandom is considered necessary, how is the initial seed for urandom being generated and securely provided (if externally generated) to the guest?

Ubuntu has a client/server "entropy as a service": pollen https://github.com/dustinkirkland/pollen and pollinate https://github.com/dustinkirkland/pollinate, which writes to /dev/urandom at boot. To my best knowledge a total of zero non-Ubuntu-derived distributions have adopted it, though I can't comment on why.

MirageOS has come up with https://github.com/mirage/xentropyd and https://github.com/mirage/mirage-entropy, which appears to be a layer on top of channels http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/misc/channel.txt. I don't know if this is the preferred implementation method. I also haven't found a front-end implementation other than in MirageOS.
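The question above is what a guest-side seeder actually has to do once seed bytes arrive from outside. The following is an added example, not code from pollinate, xentropyd or any Xen front-end: a small Linux guest-side seeder that reads seed material from a path supplied on the command line (assumed to be whatever the host exposes, e.g. a console channel device; a plain file works the same way for testing), applies cheap sanity checks, and mixes the bytes into the kernel pool. Running as root it credits the bytes through the RNDADDENTROPY ioctl; otherwise it falls back to a plain write() to /dev/urandom, which mixes the bytes in but credits no entropy, the same effect pollinate's write has. The 32-byte minimum and the "all bytes identical" check are assumptions chosen here to catch truncated reads and dead channels; they are not an entropy estimate.

```python
import fcntl
import os
import struct
import sys

# Linux ioctl number for RNDADDENTROPY: _IOW('R', 0x03, int[2]) == 0x40085203.
RNDADDENTROPY = 0x40085203

# Assumption for this example: refuse anything shorter than 256 bits of seed.
MIN_SEED_BYTES = 32


def seed_is_plausible(seed: bytes) -> bool:
    """Cheap sanity checks, not an entropy estimate.

    A truncated read from a channel yields a short buffer; a dead or
    misconfigured channel often yields a run of identical bytes. Both are
    rejected so that a broken transport is noticed rather than silently
    seeding the guest with junk.
    """
    if len(seed) < MIN_SEED_BYTES:
        return False
    if len(set(seed)) == 1:
        return False
    return True


def build_rand_pool_info(seed: bytes, credit_bits: int) -> bytes:
    """Pack the kernel's struct rand_pool_info for RNDADDENTROPY.

    struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }
    entropy_count is the number of bits to credit; buf_size is in bytes.
    The buffer is padded to a multiple of 4 so it matches the __u32 array.
    """
    if credit_bits < 0 or credit_bits > len(seed) * 8:
        raise ValueError("cannot credit more bits than the seed contains")
    padded = seed + b"\x00" * (-len(seed) % 4)
    return struct.pack("ii", credit_bits, len(seed)) + padded


def seed_kernel(seed: bytes, credit_bits: int, device: str = "/dev/urandom") -> str:
    """Mix `seed` into the kernel pool and report which path was taken.

    Returns "credited" when RNDADDENTROPY succeeded (needs CAP_SYS_ADMIN) and
    "mixed-uncredited" when only the unprivileged write() fallback ran.
    """
    if not seed_is_plausible(seed):
        raise ValueError("seed failed sanity checks; refusing to use it")
    fd = os.open(device, os.O_WRONLY)
    try:
        try:
            fcntl.ioctl(fd, RNDADDENTROPY, build_rand_pool_info(seed, credit_bits))
            return "credited"
        except PermissionError:
            # Unprivileged: the bytes still get mixed in, but nothing is credited.
            os.write(fd, seed)
            return "mixed-uncredited"
    finally:
        os.close(fd)


def main(argv):
    if len(argv) != 2:
        print("usage: %s <seed-source-path>" % argv[0], file=sys.stderr)
        return 2
    # Assumed usage: argv[1] is the device or file the host delivers seed bytes on.
    with open(argv[1], "rb") as f:
        seed = f.read(64)
    print(seed_kernel(seed, credit_bits=len(seed) * 8))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Crediting the full bit count assumes the host-side generator is trusted and the channel is not readable by other guests; if the seed arrives over a path that could be observed or replayed, mixing it in uncredited (the fallback path) is the safer choice.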

Thread overview: 9+ messages
2015-10-06  1:33 PV random device Sarah Newman
2015-10-06  3:35 ` Andy Smith
2015-10-06  4:12   ` Sarah Newman
2015-10-06  4:29     ` Andy Smith
2015-10-06  4:34       ` Sarah Newman
2015-10-06  4:50       ` Steven Haigh
2015-10-06  5:18         ` Andy Smith
2015-10-06  7:40           ` Sarah Newman [this message]
2015-10-06  9:15 ` Ian Campbell
