[Users] virtio-rng / crypto inside vms
squadra at gmail.com
Sun Dec 15 19:52:49 UTC 2013
haveged is worth mentioning as pretty good alternative solution
On Fri, Dec 13, 2013 at 9:32 AM, Sven Kieske <S.Kieske at mittwald.de> wrote:
> Answering myself, it seems
> virtio-rng will be in 3.4:
> But I don't find it in the planning:
> Nevertheless it would be cool if someone could give some advice
> how to handle entropy until 3.4 gets released
> (and I have time to upgrade).
> Am 13.12.2013 09:09, schrieb Sven Kieske:
> > Hi,
> > I'm just wondering: How is the state
> > of the virtio-rng implementation?
> > I'm asking because I need to regenerate
> > ssh host keys in newly deployed vms.
> > (I seem to be the only person, or everybody
> > else has found the solution, or nobody thinks
> > about security, or a mixture of the above?)
> > Additional I found no really guidance
> > on how much entropy bits should be
> > available to generate a secure key
> > inside a vm, beside these numbers:
> > http://www.ietf.org/rfc/rfc1750.txt
> > suggests about 128 bits of entropy
> > for a single cryptographic operation.
> > various other sources mention ranges
> > between 100-200 or even at least 4096
> > entropy bits.
> > Would it be a workaround to add a virtual
> > sound device and use this one for /dev/random ?
> > (But it would be useless if you have no real sound hardware I guess).
> > Additional when you want to regenerate host keys in e.g. Ubuntu
> > 3 Keys get generated so you need even more entropy to be on the
> > save side.
> > If you got any links to best practices or some
> > good news regarding the state of virtio-rng that would be awesome.
> > Currently my vms have around 130-160 entropy bits available.
> Mit freundlichen Grüßen / Regards
> Sven Kieske
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> Users mailing list
> Users at ovirt.org
Sent from the Delta quadrant using Borg technology!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users