At Mon, 5 Apr 2021 01:05:58 +0200, Joerg Sonnenberger <joerg%bec.de@localhost> wrote:
Subject: Re: regarding the changes to kernel entropy gathering
>
> Part of the problem here is that most of the non-RNG data sources are
> easily observable either from the local system (e.g. any malicious user)
> or other VMs on the same machine (in case of a hypervisor) or local
> machines on the same network (in case of network interrupts).

It _Just_ _Doesn't_ _Matter_ (i.e. for many of us, most of the time).

Now ideally in the hypervisor scenario we would have a backend device
that read from /dev/random and offered it to the VM guest as a virtual
hardware RNG.

Or maybe it's as simple as passing those few bytes through a custom
Xenstore string and having a script in the VM read them and inject them
into /dev/random.

But that's not been done yet.

BTW, personally, on at least some machines, I don't have any worry
whatsoever at the moment about one VM guest spying on, or influencing
the PRNG, in another. Zero worry. They're all _me_. I don't need
some theoretically perfect level of protection from myself.

--
Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC +1 250 762-7675
RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>
Avoncote Farms <woods%avoncote.ca@localhost>