[Users] virtio-rng / crypto inside vms

squadra squadra at gmail.com
Sun Dec 15 19:52:49 UTC 2013


haveged is worth mentioning as a pretty good alternative solution


http://www.issihosts.com/haveged/

Cheers,

Juergen


On Fri, Dec 13, 2013 at 9:32 AM, Sven Kieske <S.Kieske at mittwald.de> wrote:

> Answering myself, it seems
> virtio-rng will be in 3.4:
> https://bugzilla.redhat.com/show_bug.cgi?id=977079
>
> But I don't find it in the planning:
>
>
> https://docs.google.com/spreadsheet/ccc?key=0AuAtmJW_VMCRdHJ6N1M3d1F1UTJTS1dSMnZwMF9XWVE&usp=sharing#gid=0
>
> Nevertheless it would be cool if someone could give some advice
> how to handle entropy until 3.4 gets released
> (and I have time to upgrade).
>
> On 13.12.2013 09:09, Sven Kieske wrote:
> > Hi,
> >
> > I'm just wondering: How is the state
> > of the virtio-rng implementation?
> >
> > I'm asking because I need to regenerate
> > ssh host keys in newly deployed vms.
> >
> > (I seem to be the only person, or everybody
> > else has found the solution, or nobody thinks
> > about security, or a mixture of the above?)
> >
> > Additionally, I found no real guidance
> > on how many entropy bits should be
> > available to generate a secure key
> > inside a vm, besides these numbers:
> >
> > http://www.ietf.org/rfc/rfc1750.txt
> > suggests about 128 bits of entropy
> > for a single cryptographic operation.
> >
> > Various other sources mention ranges
> > between 100-200 or even at least 4096
> > entropy bits.
> >
> > Would it be a workaround to add a virtual
> > sound device and use this one for /dev/random ?
> > (But it would be useless if you have no real sound hardware I guess).
> >
> > Additionally, when you want to regenerate host keys in e.g. Ubuntu,
> > 3 keys get generated, so you need even more entropy to be on the
> > safe side.
> >
> > If you got any links to best practices or some
> > good news regarding the state of virtio-rng that would be awesome.
> >
> > Currently my vms have around 130-160 entropy bits available.
> >
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
>



-- 

Sent from the Delta quadrant using Borg technology!
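
As an added example (not part of the original messages or of oVirt): a POSIX shell gate for the question raised in the quoted post, which waits for the kernel's entropy estimate before regenerating SSH host keys. The 384-bit default (128 bits times three keys), the `--regenerate` flag and the 60-second timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example: hold back SSH host key regeneration until the kernel's
# entropy estimate reaches a threshold. Paths are overridable for testing.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
HWRNG_FILE="${HWRNG_FILE:-/sys/devices/virtual/misc/hw_random/rng_current}"
# Assumption: 128 bits per key (the RFC 1750 figure quoted in the thread)
# times the three host keys mentioned for Ubuntu.
NEED_BITS="${NEED_BITS:-384}"

# Print the entropy estimate in bits; return 2 if missing or not a number.
entropy_avail() {
    [ -r "$ENTROPY_FILE" ] || return 2
    bits=$(cat "$ENTROPY_FILE")
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# wait_for_entropy NEED_BITS TIMEOUT_SECONDS
# Returns 0 once the estimate reaches NEED_BITS, 1 on timeout, 2 if unreadable.
wait_for_entropy() {
    need=$1
    remaining=$2
    while :; do
        have=$(entropy_avail) || return 2
        [ "$have" -ge "$need" ] && return 0
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

# Only acts when called with --regenerate (hypothetical flag of this example).
if [ "${1:-}" = "--regenerate" ]; then
    # Shows which hardware RNG backend, if any, the guest kernel is using.
    echo "hwrng backend: $(cat "$HWRNG_FILE" 2>/dev/null || echo none)"
    if wait_for_entropy "$NEED_BITS" 60; then
        rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
        ssh-keygen -A   # recreates every missing host key type
    else
        echo "entropy estimate did not reach $NEED_BITS bits; keys left untouched" >&2
        exit 1
    fi
fi
```

Linux 5.18 and later cap this estimate at 256 bits, so set `NEED_BITS` accordingly on such guests.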