[Users] virtio-rng / crypto inside vms

Sven Kieske S.Kieske at mittwald.de
Fri Dec 13 08:09:38 UTC 2013


Hi,

I'm just wondering: what is the state
of the virtio-rng implementation?

I'm asking because I need to regenerate
ssh host keys in newly deployed vms.

(I seem to be the only person, or everybody
else has found the solution, or nobody thinks
about security, or a mixture of the above?)

Additionally, I found no real guidance
on how many entropy bits should be
available to generate a secure key
inside a vm, besides these numbers:

http://www.ietf.org/rfc/rfc1750.txt
suggests about 128 bits of entropy
for a single cryptographic operation.

Various other sources mention ranges
between 100-200 or even at least 4096
entropy bits.

Would it be a workaround to add a virtual
sound device and use this one for /dev/random?
(But it would be useless if you have no real sound hardware, I guess.)

Additionally, when you want to regenerate host keys in e.g. Ubuntu,
3 keys get generated, so you need even more entropy to be on the
safe side.

If you got any links to best practices or some
good news regarding the state of virtio-rng that would be awesome.

Currently my vms have around 130-160 entropy bits available.
-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
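
An added example, not part of the original message: a preflight check a guest could run before regenerating its SSH host keys, reading the kernel's entropy estimate and the active hardware RNG. The function names and the 128-bit default (the RFC 1750 figure quoted above) are assumptions; the procfs/sysfs paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example (not from the original post): entropy preflight for a KVM guest.
# Paths are the standard Linux procfs/sysfs locations; overridable for testing.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
RNG_CURRENT_FILE="${RNG_CURRENT_FILE:-/sys/class/misc/hw_random/rng_current}"
MIN_BITS="${MIN_BITS:-128}"  # assumption: the RFC 1750 figure quoted in the post

# Print the active hw_random backend, or "none" if there is no readable one.
current_hwrng() {
    name=$(cat "$RNG_CURRENT_FILE" 2>/dev/null) || name=""
    if [ -n "$name" ]; then echo "$name"; else echo "none"; fi
}

# Succeed when a virtio-rng device is the kernel's current hardware RNG.
has_virtio_rng() {
    case "$(current_hwrng)" in
        virtio_rng*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when the kernel's entropy estimate is at least $1 bits.
# Returns 2 if the estimate cannot be read or is not a number.
entropy_ok() {
    want="${1:-$MIN_BITS}"
    have=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 2
    case "$have" in ''|*[!0-9]*) return 2 ;; esac
    [ "$have" -ge "$want" ]
}

# Wait up to $1 seconds for the estimate to reach MIN_BITS, then print a verdict.
hostkey_preflight() {
    timeout="${1:-30}"
    while ! entropy_ok && [ "$timeout" -gt 0 ]; do
        sleep 1
        timeout=$((timeout - 1))
    done
    if ! entropy_ok; then
        echo "not ready: estimate below ${MIN_BITS} bits, hwrng=$(current_hwrng)"
        return 1
    fi
    if has_virtio_rng; then
        echo "ready: hwrng=$(current_hwrng)"
    else
        echo "ready: no virtio-rng, estimate comes from guest-local sources only"
    fi
}

# Typical use as root on first boot:
#   hostkey_preflight 60 && rm -f /etc/ssh/ssh_host_*_key* && ssh-keygen -A
```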

