Answering myself, it seems
virtio-rng will be in 3.4:
https://bugzilla.redhat.com/show_bug.cgi?id=977079
But I don't find it in the planning:
https://docs.google.com/spreadsheet/ccc?key=0AuAtmJW_VMCRdHJ6N1M3d1F1UTJT...
Nevertheless it would be cool if someone could give some advice
how to handle entropy until 3.4 gets released
(and I have time to upgrade).
On 13.12.2013 09:09, Sven Kieske wrote:
Hi,
I'm just wondering: How is the state
of the virtio-rng implementation?
I'm asking because I need to regenerate
ssh host keys in newly deployed vms.
(I seem to be the only person, or everybody
else has found the solution, or nobody thinks
about security, or a mixture of the above?)
Additionally, I found no real guidance
on how many entropy bits should be
available to generate a secure key
inside a vm, besides these numbers:
http://www.ietf.org/rfc/rfc1750.txt
suggests about 128 bits of entropy
for a single cryptographic operation.
Various other sources mention ranges
between 100-200 or even at least 4096
entropy bits.
Would it be a workaround to add a virtual
sound device and use this one for /dev/random ?
(But it would be useless if you have no real sound hardware I guess).
Additionally, when you want to regenerate host keys in e.g. Ubuntu,
3 keys get generated, so you need even more entropy to be on the
safe side.
If you got any links to best practices or some
good news regarding the state of virtio-rng that would be awesome.
Currently my vms have around 130-160 entropy bits available.
--
Kind regards
Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing Director: Robert Meyer
Tax No.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General Partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
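
One way to gate the host key regeneration discussed above on the guest's entropy estimate, as an added example that is not part of the original message: it re-checks the pool before each of the three keys and reports whether a hardware RNG backend such as virtio-rng is active. Assumptions: the key type list, the 60 second timeout, the 128-bit threshold (the RFC 1750 figure quoted in the message), the sysfs path for the RNG backend, and a kernel that reports a meaningful count in entropy_avail.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the keygen command are
# overridable so the logic can be exercised without touching real host keys.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
RNG_CURRENT="${RNG_CURRENT:-/sys/class/misc/hw_random/rng_current}"
KEYGEN="${KEYGEN:-ssh-keygen}"
KEY_TYPES="${KEY_TYPES:-rsa ecdsa ed25519}"   # assumption: three host key types

# Kernel's current entropy estimate in bits (0 if unreadable).
entropy_avail() {
    ea_val=$(cat "$ENTROPY_FILE" 2>/dev/null) || ea_val=0
    case "$ea_val" in ''|*[!0-9]*) ea_val=0 ;; esac
    echo "$ea_val"
}

# Name of the active hardware RNG backend (e.g. a virtio-rng device), or "none".
hwrng_backend() {
    hb_val=$(cat "$RNG_CURRENT" 2>/dev/null) || hb_val=""
    [ -n "$hb_val" ] && echo "$hb_val" || echo "none"
}

# wait_for_entropy NEED_BITS TIMEOUT_SECONDS: returns 0 once the estimate
# reaches NEED_BITS, 1 if the timeout expires first.
wait_for_entropy() {
    we_left=$2
    while [ "$(entropy_avail)" -lt "$1" ]; do
        [ "$we_left" -le 0 ] && return 1
        sleep 1
        we_left=$((we_left - 1))
    done
    return 0
}

# regen_host_keys DIR NEED_BITS TIMEOUT: re-check the pool before every key,
# because each generation draws it down again. Stops at the first shortfall.
regen_host_keys() {
    for rk_type in $KEY_TYPES; do
        if ! wait_for_entropy "$2" "$3"; then
            echo "entropy below $2 bits (hwrng: $(hwrng_backend)); skipped $rk_type" >&2
            return 1
        fi
        rk_file="$1/ssh_host_${rk_type}_key"
        rm -f "$rk_file" "$rk_file.pub"
        "$KEYGEN" -q -t "$rk_type" -N "" -f "$rk_file" || return 1
    done
}

# Run as: sh regen.sh run /etc/ssh
if [ "${1:-}" = "run" ]; then regen_host_keys "${2:-/etc/ssh}" 128 60; fi
```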