[Users] virtio-rng / crypto inside vms
Sven Kieske
S.Kieske at mittwald.de
Fri Dec 13 08:32:22 UTC 2013
Answering myself, it seems
virtio-rng will be in 3.4:
https://bugzilla.redhat.com/show_bug.cgi?id=977079
But I don't find it in the planning:
https://docs.google.com/spreadsheet/ccc?key=0AuAtmJW_VMCRdHJ6N1M3d1F1UTJTS1dSMnZwMF9XWVE&usp=sharing#gid=0
Nevertheless it would be cool if someone could give some advice
how to handle entropy until 3.4 gets released
(and I have time to upgrade).
Am 13.12.2013 09:09, schrieb Sven Kieske:
> Hi,
>
> I'm just wondering: How is the state
> of the virtio-rng implementation?
>
> I'm asking because I need to regenerate
> ssh host keys in newly deployed vms.
>
> (I seem to be the only person, or everybody
> else has found the solution, or nobody thinks
> about security, or a mixture of the above?)
>
> Additional I found no really guidance
> on how much entropy bits should be
> available to generate a secure key
> inside a vm, beside these numbers:
>
> http://www.ietf.org/rfc/rfc1750.txt
> suggests about 128 bits of entropy
> for a single cryptographic operation.
>
> various other sources mention ranges
> between 100-200 or even at least 4096
> entropy bits.
>
> Would it be a workaround to add a virtual
> sound device and use this one for /dev/random ?
> (But it would be useless if you have no real sound hardware I guess).
>
> Additional when you want to regenerate host keys in e.g. Ubuntu
> 3 Keys get generated so you need even more entropy to be on the
> save side.
>
> If you got any links to best practices or some
> good news regarding the state of virtio-rng that would be awesome.
>
> Currently my vms have around 130-160 entropy bits available.
>
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
More information about the Users
mailing list