Subject: Re: /dev/random often empty
To: Greg Troxel <gdt@ir.bbn.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: port-xen
Date: 03/20/2007 09:44:59

On Tue, 20 Mar 2007 07:29:49 -0400
Greg Troxel <gdt@ir.bbn.com> wrote:
> I have a netbsd-4 xen2 domU (on xen2 dom0), and /dev/random is usually
> nearly empty:
>
...
> So, fairly clearly domU is an entropy-poor environment. But servers
> need random bits. Does anyone have thoughts about how to deal with
> this? Should there be a xen random source pseudodevice providing bits
> from dom0?
>
I've noticed similar problems. I wonder if there should be a
pseudo-device which draws entropy from the dom0. (Dom0 has an emulated
crypto device, but from the man page it doesn't include a random number
generator.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb