Il 30/10/2012 05:43, H. Peter Anvin ha scritto: > Let me be more specific. > > First of all, feeding /dev/urandom to the guest is dangerous -- you are > feeding it PRNG contents but telling it that it is real entropy. This > is a security hole. > > Second of all, you're doing something pointless: you are still > exhausting the entropy pool on the host at the same rate, and all you > end up with is something that isn't what you want. You still have the > same DoS on the host /dev/random that you're worried about. > > Third, you're doing something inefficient: you're running a PRNG in the > host which could be run more efficiently in guest space.
Either you're not reading what I wrote, or you're confusing me with someone else. I *never* mentioned passing /dev/urandom, and in fact I explained to Anthony that it is wrong. Please take a look at http://permalink.gmane.org/gmane.comp.emulators.qemu/178123 What I said that passing /dev/hwrng or rdrand would: - not make /dev/random with virtio-rng-pci worse than without - make migration working - avoiding denial of service for the host's /dev/random > From an Intel perspective I guess I should be happy, as it functionally > would mean that unless you have RDRAND in the host you're insecure, but > I'd much rather see the Right Thing done. :) Paolo