Subject: Re: /dev/random often empty
To: Greg Troxel <gdt@ir.bbn.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: port-xen
Date: 03/21/2007 21:26:36
This showed up on the cryptography mailing list -- we should think hard
about it for Xen environments.
Begin forwarded message:
Date: Tue, 20 Mar 2007 20:14:26 -0400
From: Dan Geer <dan@geer.org>
To: cryptography@metzdowd.com
Subject: virtualization as a threat to RNG
Quoting from a discussion of threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:
> The second type of threat that Symantec believes could emerge is >
> related to the impact that softwarevirtualized computers may have on
> > random number generators that are used inside guest operating
> > systems > on virtual machines. This speculation is based on some
> > initial work > done by Symantec Advanced Threat Research in a paper
> > on GS and ASLR in > Windows Vista. This research showed that the
> > method used to generate > the random locations employed in some
> > security technologies would, > under certain circumstances, differ
> > wildly in a software-virtualized > instance of the operating
> > system. If this proves to be true, it could > have considerable
> > implications for a number of different technologies > that rely on
> > good randomness, such as unique identifiers, as well as > the seeds
> > used in encryption.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo@metzdowd.com