Re: [Xen-users] Major /dev/urandom (Security) issue?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Major /dev/urandom (Security) issue?
From: Jeff Cronstrom <jeff@xxxxxxxxxxxxxxx>
Date: Fri, 25 Jan 2008 09:33:40 -0500
Hi Ken,

On Thu, 2008-01-24 at 19:08 -0500, Ken Bass wrote:
> I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is
> 3.1). When I read from /dev/urandom, the values NEVER change. My domU is
> a Centos 5.1 instance. Below I run the simple command twice and get the
> same numbers. If I run another domU I get the SAME numbers!
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1
>
> I need to figure out:
> 1) How to fix this
> 2) Isn't this a major security flaw since the random seeds are static/known?


I am using CentOS 5.1 for Dom0's and DomU's and I do not see this issue...

Maybe this will help: http://en.wikipedia.org/wiki/Urandom


Jeffrey Cronstrom
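
A repeatable form of the manual `od` check quoted above, as an added example that is not part of the original thread: it draws several samples from a device and flags any sample that repeats. The function names `sample` and `rng_repeats` are hypothetical, and the exit codes are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the thread): detect a random device that hands
# back the same bytes on successive reads, the symptom reported above.
# Usage after sourcing: rng_repeats /dev/urandom 16 8

# sample DEV NBYTES -> prints NBYTES read from DEV as one hex string
sample() {
    od -An -tx1 -N "$2" "$1" | tr -d ' \n'
}

# rng_repeats DEV [NBYTES] [COUNT]
# Prints "REPEAT <hex>" for every sample value seen more than once.
# Returns 0 if a repeat was seen (output looks static), 1 if all samples
# differ, 2 if the device could not be read.
rng_repeats() {
    dev=$1; n=${2:-16}; count=${3:-8}
    [ -r "$dev" ] || { echo "cannot read $dev" >&2; return 2; }
    seen=""
    i=0
    while [ "$i" -lt "$count" ]; do
        s=$(sample "$dev" "$n")
        [ -n "$s" ] || return 2
        # One sample per line so sort/uniq can find duplicates.
        seen="$seen$s
"
        i=$((i + 1))
    done
    dups=$(printf '%s' "$seen" | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups" | sed 's/^/REPEAT /'
        return 0
    fi
    return 1
}
```

This only compares reads within one guest; to check the cross-domU case from the report, print `sample /dev/urandom 16` in each domU at about the same time and compare the values by hand.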