| 1 |
On Fri, 26 Mar 2010 09:15:19 -0500 |
| 2 |
Brian Kroth <bpkroth@×××××.com> wrote: |
| 3 |
|
| 4 |
> This probably won't actually happen until some distant point in the |
| 5 |
> future, but I'm especially interested in getting it to virtual |
| 6 |
> machines. Unfortunately, from what I can find there's no nice |
| 7 |
> interface between the host's rng and the vm for vmware esx like there |
| 8 |
> is for kvm (eg: virtio_rng). Anyone know of one? |
| 9 |
|
| 10 |
The tool you previously mentioned, Entropy Broker, is amongst the |
| 11 |
better choices. |
| 12 |
|
| 13 |
> With the entropy broker the thing I'm not totally clear on is how |
| 14 |
> entropy bits transferred over the network (presumably without |
| 15 |
> encryption as that might require entropy) would be worthwhile |
| 16 |
> entropy? |
| 17 |
|
| 18 |
I believe Entropy Broker encrypts, so it should be safe in that |
| 19 |
respect. Not that it's much of a problem on a VM where the network |
| 20 |
cable in question is a completely virtual one. |
| 21 |
|
| 22 |
> What makes it different from the situation where you're |
| 23 |
> using the network device interrupts as an source of entropy? |
| 24 |
> Couldn't both be observable? |
| 25 |
|
| 26 |
Such interrupts aren't great choices for entropy because they're so |
| 27 |
easily manipulable, anyway. |
| 28 |
|
| 29 |
> Another question - I keep seeing people suggesting to hook rngd (from |
| 30 |
> rng-tools) up to /dev/urandom. Doesn't that just feed your system |
| 31 |
> entropy with an prng most of the time? I feel like this just gives |
| 32 |
> the illusion of a decent sized entropy pool. Might as well hook your |
| 33 |
> app up to /dev/urandom instead, correct? |
| 34 |
|
| 35 |
Yep. |
| 36 |
|
| 37 |
B. |
Archives