[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Thu May 1 06:09:13 PDT 2014


On Wed, Apr 30, 2014 at 05:06:29PM +0200, Florian Weimer wrote:
> On 04/30/2014 02:28 PM, Daniel P. Berrange wrote:
> 
> >>Interesting suggestion.  I just used virt-manager to create the VM.
> >>I don't see any trace for "rng" or "random" in the domain XML file.
> >>If it is supported, I think it should be enabled by default.
> >
> >I'm told that it isn't turned on by default, but you can add it to
> >a VM post-install. Since it feeds VMs from the host's /dev/random
> >or /dev/hwrng, there was a question mark as to whether it was right
> >to enable it by default or not, and if so what kind of rate limiting
> >might be wanted by default.
> 
> Ah, so it builds down to our distrust of hardware RNGs?  How
> annoying. We should be able to trust Fedora-on-Fedora (or
> Debian-on-Debian or whatever) scenarios.  But I get that in the
> general case, it's impossible to know what's on the other side of
> the virtio_rng side, so reservations remain.

IIUC, the problem is that the guest or guests can exhaust the host's entropy
pool, not that they distrust it. I.e. we are worried about the host, not
guests.

Zbyszek

