Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support

[Paolo Bonzini]

Il 30/10/2012 05:43, H. Peter Anvin ha scritto:
> Let me be more specific.
> 
> First of all, feeding /dev/urandom to the guest is dangerous -- you are
> feeding it PRNG contents but telling it that it is real entropy.  This
> is a security hole.
> 
> Second of all, you're doing something pointless: you are still
> exhausting the entropy pool on the host at the same rate, and all you
> end up with is something that isn't what you want.  You still have the
> same DoS on the host /dev/random that you're worried about.
> 
> Third, you're doing something inefficient: you're running a PRNG in the
> host which could be run more efficiently in guest space.

Either you're not reading what I wrote, or you're confusing me with
someone else.

I *never* mentioned passing /dev/urandom, and in fact I explained to
Anthony that it is wrong.  Please take a look at
http://permalink.gmane.org/gmane.comp.emulators.qemu/178123

What I said that passing /dev/hwrng or rdrand would:

- not make /dev/random with virtio-rng-pci worse than without

- make migration working

- avoiding denial of service for the host's /dev/random


> From an Intel perspective I guess I should be happy, as it functionally
> would mean that unless you have RDRAND in the host you're insecure, but
> I'd much rather see the Right Thing done.

:)

Paolo