
On April 15, 2016 9:10:44 AM PDT, Hubert Kario <hkario@redhat.com> wrote:
On 04/15/2016 04:41 AM, Cole Robinson wrote:
Libvirt currently rejects using host /dev/urandom as an input
On Friday 15 April 2016 09:47:51 Eric Blake wrote: source
for a virtio-rng device. The only accepted sources are /dev/random and /dev/hwrng. This is the result of discussions on qemu-devel around when the feature was first added (2013). Examples:
http://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02387.html
https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#0
0023
libvirt's rejection of /dev/urandom has generated some complaints from users:
https://bugzilla.redhat.com/show_bug.cgi?id=1074464 * cited: http://www.2uo.de/myths-about-urandom/ http://www.redhat.com/archives/libvir-list/2016-March/msg01062.html http://www.redhat.com/archives/libvir-list/2016-April/msg00186.html
I think it's worth having another discussion about this, at least with a recent argument in one place so we can put it to bed. I'm CCing a bunch of people. I think the questions are:
1) is the original recommendation to never use virtio-rng+/dev/urandom correct? That I'm not sure about - and the answer may be context-dependent (for example a FIPS user may care more than an ordinary user)
/dev/urandom use is FIPS compliant, no FIPS-validated protocol or cryptographic primitive requires the "fresh" entropy provided by /dev/random. All primitives are designed to work with weaker entropy guarantees than what /dev/urandom provides.
That's not the point. The point is that it is a complete waste of resources when the PRNG can simply be run in the guest -- Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.