WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

[Xen-users] Major /dev/urandom (Security) issue?

from [Ken Bass]

[Permanent Link][Original]

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-users] Major /dev/urandom (Security) issue?
From:	Ken Bass <kbass@xxxxxxxxxxx>
Date:	Thu, 24 Jan 2008 19:08:47 -0500
Delivery-date:	Thu, 24 Jan 2008 16:09:44 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 2.0.0.9 (X11/20071031)

I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is3.1). When I read from /dev/urandom, the values NEVER change. My domU isa Centos 5.1 instance. Below I run the simple command twice and get thesame numbers. If I run another domU I get the SAME numbers!


-bash-3.1# od -tx4 -N 16 /dev/urandom
0000000 d920a168 b904ed93 1dc8962e d1a8c0b1

-bash-3.1# od -tx4 -N 16 /dev/urandom
0000000 d920a168 b904ed93 1dc8962e d1a8c0b1

I need to figure out:
1) How to fix this
2) Isnt this a major security flaw since the random seeds are static/known?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Major /dev/urandom (Security) issue?, Ken Bass <= Re: [Xen-users] Major /dev/urandom (Security) issue?, Andy Smith Re: [Xen-users] Major /dev/urandom (Security) issue?, Jan Marquardt Re: [Xen-users] Major /dev/urandom (Security) issue?, Geert Janssens Re: [Xen-users] Major /dev/urandom (Security) issue?, Jeff Cronstrom Re: [Xen-users] Major /dev/urandom (Security) issue? [jailtime.org issue], Ken Bass

Previous by Date:	Re: [Xen-users] Xen Disk I/O performance vs native performance, Emre Erenoglu
Next by Date:	Re: [Xen-users] Can't boot from ISO image..., Mark Williamson
Previous by Thread:	[Xen-users] Xen domU and bandwith limitation, Guillaume Thiery
Next by Thread:	Re: [Xen-users] Major /dev/urandom (Security) issue?, Andy Smith
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix