Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support

[H. Peter Anvin]

That statement is pretty toxic... I wonder where it came from.  It is at best 
horribly misleading and actively encourages dangerous behaviours even for the 
cases where it isn't actively wrong.

Paolo Bonzini <address@hidden> wrote:

>Il 26/10/2012 21:07, H. Peter Anvin ha scritto:
>> This is surreal.  Output from /dev/hwrng turns into output for
>/dev/random... it us guaranteed worse; period, end of story.
>
>Isn't that exactly what happens in bare-metal?  hwrng -> rngd ->
>random.  Instead here
>we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd ->
>guest random.
>
>The only difference is that you paravirtualize access to the host hwrng
>to a) distribute
>entropy to multiple guests; b) support migration across hosts with
>different CPUs and
>hardware.
>
>> I don't know who the "agreement" is with, but it is ridiculous in
>this case.
>
>man 4 random:
>
>While some safety margin above that minimum is reasonable, as a guard
>against
>flaws  in the CPRNG algorithm, no cryptographic primitive available
>today can
>hope to promise more than 256 bits of security, so if any program reads
> more
>than  256  bits (32 bytes) from the kernel random pool per invocation,
>or per
>reasonable reseed interval (not less than one minute), that should  be 
>taken
>       as a sign that its cryptography is not skilfully implemented.
>
>Paolo

-- 
Sent from my mobile phone. Please excuse brevity and lack of formatting.