On 29.09.2016 22:43, [email protected] wrote: > Hello. While I've been enabling virtio-rng since it became available I > recently understood that without restrictions a malicious guest can > potentially starve other VMs' entropy by overusing /dev/random so I set > the rate limit. > > Another question comes to mind. Does the way virtio-rng works pose a > security risk? - does it allow the guest to spy on the host's entropy > pool? (If so I'll have to disable it for untrusted VMs immediately) >
Well, is it possible from say X bytes of /dev/random predict X+1 byte? If yes, then this is a security risk. If no, then you should be safe. But I'm no security expert. Michal -- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
