Re: [libvirt] RFC: virtio-rng and /dev/urandom

On 04/15/2016 04:41 AM, Cole Robinson wrote: > Libvirt currently rejects using host /dev/urandom as an input source > for a virtio-rng device. The only accepted sources are /dev/random > and /dev/hwrng. This is the result of discussions on qemu-devel > around when the feature was first added (2013). Examples: > > http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html > https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#0 > 0023 > > libvirt's rejection of /dev/urandom has generated some complaints > from users: > > https://bugzilla.redhat.com/show_bug.cgi?id=1074464 > * cited: http://www.2uo.de/myths-about-urandom/ > http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html > http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html > > I think it's worth having another discussion about this, at least > with a recent argument in one place so we can put it to bed. I'm > CCing a bunch of people. I think the questions are: > > 1) is the original recommendation to never use > virtio-rng+/dev/urandom correct? That I'm not sure about - and the answer may be context-dependent (for example a FIPS user may care more than an ordinary user)