This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-devel] dom0 and domU /dev/urandom generating too less entropy

To: Stephan Seitz <s.seitz@xxxxxxxxxxxx>, XEN User - listmembers <xen-users@xxxxxxxxxxxxxxxxxxx>, XEN Devel - listmembers <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] dom0 and domU /dev/urandom generating too less entropy
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 11 Oct 2007 08:27:13 +0100
Delivery-date: Thu, 11 Oct 2007 00:22:49 -0700

On 10/10/07 21:00, "Stephan Seitz" <s.seitz@xxxxxxxxxxxx> wrote:

> Do you know about a workaround, or maybe the possibility for another
> (xen-specific) RNG besides /dev/urandom?

I'm surprised you see failures. By my understanding, /dev/urandom is always
supposed to return the requested number of bytes, but their randomness depends
on the amount of entropy currently in the pool. Perhaps sshd explicitly
interrogates urandom to find out how much entropy it has gathered?

Anyway, the domU kernel gathers entropy from the interrupt delivery times of
the netfront and blkfront drivers. This is similar to what a native kernel
does. It's not clear how we can easily improve on that without e.g.,
plumbing through a hardware RNG to domUs.

 -- Keir
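
An added example, not part of the original message or of any Xen code: a check of the two things the reply above distinguishes, namely whether a read from /dev/urandom returns the requested number of bytes and what the kernel's entropy estimate is at that moment. It assumes a Linux guest that exposes /proc/sys/kernel/random/entropy_avail; the function names and the `low_bits` threshold are hypothetical choices for this example.

```python
import os
import time

# Standard Linux paths, passed as parameters so other files can be substituted.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
URANDOM = "/dev/urandom"


def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate for the pool, in bits."""
    with open(path) as f:
        return int(f.read().strip())


def urandom_read(n, path=URANDOM):
    """Issue one unbuffered read() for n bytes and return what came back."""
    fd = os.open(path, os.O_RDONLY)
    try:
        return os.read(fd, n)
    finally:
        os.close(fd)


def survey(samples=5, interval=1.0, nbytes=64, low_bits=128,
           entropy_path=ENTROPY_AVAIL, urandom_path=URANDOM):
    """Record the entropy estimate and the read length for each sample.

    low_bits is a hypothetical alert threshold chosen for this example.
    """
    rows = []
    for i in range(samples):
        bits = entropy_avail(entropy_path)
        returned = len(urandom_read(nbytes, urandom_path))
        rows.append({"bits": bits, "requested": nbytes, "returned": returned,
                     "short_read": returned != nbytes, "low": bits < low_bits})
        if i + 1 < samples:
            time.sleep(interval)
    return rows


def summarize(rows):
    """Separate the two questions: did reads fail, and was the pool low?"""
    return {"min_bits": min(r["bits"] for r in rows),
            "short_reads": sum(r["short_read"] for r in rows),
            "low_samples": sum(r["low"] for r in rows)}


if __name__ == "__main__":
    for row in survey():
        print(row)
```

Run inside the domU while the failing service starts: a non-zero `low_samples` with zero `short_reads` means the reads themselves succeeded and only the estimate was low.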
