On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote:
Now that Linux has a syscall for getting secure random bytes, should
we
use that when available in our src/util/virrandom.c implementation?
Yes, we should. I remember reading a few weeks back that someone found
our current random seed is rather predictable when the libvirt host is
booted from a cut-down image running systemd. Since there is no longer
1000000000 lines of shell in the init process the initial PIDs are very
stable across each boot attempt.
The question is how should we make use of it ? Should we use it as the
seed for initstate_r, or just use it for virRandomBits directly ?
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|