[Users] virtio-rng / crypto inside vms

Sven Kieske S.Kieske at mittwald.de
Fri Dec 13 08:32:22 UTC 2013

Answering myself, it seems
virtio-rng will be in 3.4:

But I don't find it in the planning:


Nevertheless it would be cool if someone could give some advice
how to handle entropy until 3.4 gets released
(and I have time to upgrade).

On 13.12.2013 09:09, Sven Kieske wrote:
> Hi,
> I'm just wondering: How is the state
> of the virtio-rng implementation?
> I'm asking because I need to regenerate
> ssh host keys in newly deployed vms.
> (I seem to be the only person, or everybody
> else has found the solution, or nobody thinks
> about security, or a mixture of the above?)
> Additionally, I found no real guidance
> on how many entropy bits should be
> available to generate a secure key
> inside a VM, besides these numbers:
> http://www.ietf.org/rfc/rfc1750.txt
> suggests about 128 bits of entropy
> for a single cryptographic operation.
> Various other sources mention ranges
> between 100-200 or even at least 4096
> entropy bits.
> Would it be a workaround to add a virtual
> sound device and use this one for /dev/random ?
> (But it would be useless if you have no real sound hardware I guess).
> Additionally, when you want to regenerate host keys in e.g. Ubuntu,
> 3 keys get generated, so you need even more entropy to be on the
> safe side.
> If you got any links to best practices or some
> good news regarding the state of virtio-rng that would be awesome.
> Currently my vms have around 130-160 entropy bits available.

Kind regards

Sven Kieske

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
Managing Director: Robert Meyer
Tax No.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, Local Court (AG) Bad Oeynhausen
General Partner: Robert Meyer Verwaltungs GmbH, HRB 13260, Local Court (AG) Bad Oeynhausen
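
Added example, not part of the original message: a guest-side check that reads the kernel's entropy estimate and looks for a virtio-rng device before SSH host keys are regenerated. The function names are hypothetical, the two paths are the standard Linux procfs/sysfs locations (assumed, not given in the post), and the default threshold of 128 bits is the RFC 1750 figure quoted in the message.

```shell
#!/bin/sh
# Added example: gate SSH host key regeneration on the guest's entropy state.
# Both paths can be overridden so the logic can be run against constructed files.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
RNG_CURRENT_FILE="${RNG_CURRENT_FILE:-/sys/class/misc/hw_random/rng_current}"

# Print the kernel's current entropy estimate in bits (0 if unreadable or malformed).
entropy_bits() {
    bits=$(cat "$ENTROPY_FILE" 2>/dev/null) || bits=0
    case "$bits" in
        ''|*[!0-9]*) bits=0 ;;
    esac
    echo "$bits"
}

# Succeed if the active hardware RNG is virtio-rng. The driver reports itself
# as "virtio" on older kernels and "virtio_rng.N" on newer ones.
has_virtio_rng() {
    [ -r "$RNG_CURRENT_FILE" ] && grep -q '^virtio' "$RNG_CURRENT_FILE"
}

# ready_for_keygen [MIN_BITS]: succeed when the estimate is at least MIN_BITS.
ready_for_keygen() {
    min="${1:-128}"
    [ "$(entropy_bits)" -ge "$min" ]
}

# Print one status line: entropy estimate, threshold, hardware RNG and verdict.
gate_status() {
    min="${1:-128}"
    if has_virtio_rng; then rng=virtio-rng; else rng=none; fi
    if ready_for_keygen "$min"; then verdict=ok; else verdict=wait; fi
    echo "entropy=$(entropy_bits) min=$min hwrng=$rng verdict=$verdict"
}

# Report the state of the machine this script runs on.
gate_status 128
```

A provisioning script can call `ready_for_keygen` in a loop and only run the key regeneration once it succeeds.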
