On 26/10/2012 21:07, H. Peter Anvin wrote:
> This is surreal. Output from /dev/hwrng turns into output for /dev/random...
> it is guaranteed worse; period, end of story.
Isn't that exactly what happens in bare-metal? hwrng -> rngd -> random.

Instead here we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd -> guest random.

The only difference is that you paravirtualize access to the host hwrng to a) distribute entropy to multiple guests; b) support migration across hosts with different CPUs and hardware.

> I don't know who the "agreement" is with, but it is ridiculous in this case.
man 4 random:

    While some safety margin above that minimum is reasonable, as a guard
    against flaws in the CPRNG algorithm, no cryptographic primitive available
    today can hope to promise more than 256 bits of security, so if any program
    reads more than 256 bits (32 bytes) from the kernel random pool per
    invocation, or per reasonable reseed interval (not less than one minute),
    that should be taken as a sign that its cryptography is not skilfully
    implemented.

Paolo
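The guest-side chain described in the reply (virtio-rng -> /dev/hwrng -> rngd -> /dev/random), as an added check that is not part of the thread: it reads the kernel's hw_random sysfs attribute `rng_current` and the `entropy_avail` counter and scans /proc for an rngd process, then reports whether the chain is actually closed. The `root` parameter and the `make_constructed_guest` fixture builder are assumptions added so it can run offline on a constructed sysfs/proc tree; it never reads /dev/random itself.

```python
import os
import tempfile

# Real kernel interfaces, relative to a root so constructed copies can be used.
HWRNG_DIR = "sys/class/misc/hw_random"
ENTROPY_FILE = "proc/sys/kernel/random/entropy_avail"

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def _rngd_running(root):
    """True if any /proc/<pid>/comm names rngd, the daemon that feeds /dev/random."""
    proc = os.path.join(root, "proc")
    pids = [p for p in os.listdir(proc) if p.isdigit()] if os.path.isdir(proc) else []
    return any(_read(os.path.join(proc, p, "comm")) == "rngd" for p in pids)

def rng_chain_report(root="/"):
    """Describe the chain hwrng -> rngd -> random pool for the system under root."""
    current = _read(os.path.join(root, HWRNG_DIR, "rng_current"))
    entropy = _read(os.path.join(root, ENTROPY_FILE))
    report = {
        "hwrng_source": current,
        "is_virtio": bool(current) and current.startswith("virtio"),  # e.g. virtio_rng.0
        "rngd_running": _rngd_running(root),
        "entropy_avail": int(entropy) if entropy and entropy.isdigit() else None,
    }
    if not current or current == "none":
        report["verdict"] = "no-hwrng"          # pool fed only by guest-local sources
    elif not report["is_virtio"]:
        report["verdict"] = "non-virtio-hwrng"  # some other device backs /dev/hwrng
    elif not report["rngd_running"]:
        report["verdict"] = "hwrng-unused"      # device present, nothing feeds the pool
    else:
        report["verdict"] = "complete"
    return report

def make_constructed_guest(rng_current, entropy_avail, comms):
    """Constructed sysfs/proc tree for offline runs (hypothetical, not a real guest)."""
    root = tempfile.mkdtemp()
    files = {os.path.join(HWRNG_DIR, "rng_current"): rng_current,
             ENTROPY_FILE: str(entropy_avail)}
    for pid, comm in enumerate(comms, start=100):
        files[os.path.join("proc", str(pid), "comm")] = comm
    for rel, text in files.items():
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as f:
            f.write(text + "\n")
    return root
```

On a real guest, `rng_chain_report("/")` reads the live kernel files; a verdict other than "complete" means /dev/hwrng is not feeding the guest random pool the way the reply assumes.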