The guest kernel already provides the PRNG itself. We have been over this...

Stefan Berger <stef...@linux.vnet.ibm.com> wrote:

>On 03/01/2013 02:37 PM, H. Peter Anvin wrote:
>> On 02/28/2013 04:36 PM, Eric Blake wrote:
>>> Stefan Berger and I discovered on IRC that virtio-rng is unable to
>>> support fd passing. We attempted:
>>>
>>> qemu-system-x86_64 ... -add-fd
>>> set=4,fd=34,opaque=RDONLY:/dev/urandom
>>                            ^^^^^^^^^^^^
>>> -object rng-random,id=rng0,filename=/dev/fdset/4 -device
>>> virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6
>>>
>> Unrelated, but you really, really, really don't want to pass
>> /dev/urandom there, use /dev/random.
>
>From what I am reading about /dev/random is that it will start blocking
>once not enough entropy is available anymore. Sounds like this could be
>abused if multiple VMs were using this device and one drains the
>entropy.. An alternative may be to pick go through a crypto library
>that seeds itself with entropy and implements random number generators
>following NIST 800-90 for example. Freebl would offer at least one such
>implementation:
>
>http://dxr.mozilla.org/mozilla-central/security/nss/lib/freebl/drbg.c.html
>
>- search for 'NIST' there
>
>   Stefan

--
Sent from my mobile phone. Please excuse brevity and lack of formatting.
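
The alternative raised in the quoted message, a generator that is seeded with entropy once and then expands deterministically in the style of NIST SP 800-90, shown as an added example that is not part of the original thread and is not a port of freebl's drbg.c. It is a minimal HMAC_DRBG over SHA-256; the class name `HmacDrbg`, the `demo` helper and the limits chosen are assumptions made for this illustration.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (SHA-256), structured after NIST SP 800-90A sec. 10.1.2."""
    RESEED_INTERVAL = 1 << 48   # generate() calls allowed between reseeds
    MAX_REQUEST = 1 << 16       # bytes per generate() call

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy) < 32:
            raise ValueError("need at least 256 bits of entropy input")
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix optional input into (K, V); the second round runs only with data.
        self._k = self._mac(self._v + b"\x00" + data)
        self._v = self._mac(self._v)
        if data:
            self._k = self._mac(self._v + b"\x01" + data)
            self._v = self._mac(self._v)

    def reseed(self, entropy: bytes) -> None:
        if len(entropy) < 32:
            raise ValueError("need at least 256 bits of entropy input")
        self._update(entropy)
        self.reseed_counter = 1

    def generate(self, n: int) -> bytes:
        if n > self.MAX_REQUEST:
            raise ValueError("request too large")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        out = b""
        while len(out) < n:
            self._v = self._mac(self._v)
            out += self._v
        self._update()  # advance state so earlier output cannot be recomputed
        self.reseed_counter += 1
        return out[:n]


def demo() -> bytes:
    # One read from the kernel seeds the generator; later output costs no pool entropy.
    drbg = HmacDrbg(os.urandom(32), nonce=os.urandom(16))
    return drbg.generate(64)
```

The output is only as unpredictable as the 256-bit seed, so the choice of seed source discussed in the thread still applies to the `entropy` argument.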