Hi all,
I've been curious about using hardware true random number generators in my VM clusters. This got me wondering about the VM's /dev/random source... If I set up a hardware TRNG on the host, would the VMs also benefit from it?
Thanks!
On Sat, 13 Jul 2013, Digimer wrote:
> Hi all,
> I've been curious about using hardware true random number generators in my VM clusters. This got me wondering about the VM's /dev/random source... If I set up a hardware TRNG on the host, would the VMs also benefit from it?
Xen VMs would not be able to benefit from it. I don't know about KVM.
After applying a number of updates to both the host and the virtual machines, I had one virtual machine which would not talk to the network after the updates. Rebooting numerous times didn't help, I couldn't see anything wrong with either its configuration or the bridge on the host machine.
I ended up restoring that machine from an image and then re-applying the updates and then everything was okay.
Among other things the updates included an update to glibc.
I was wondering if anyone else encountered something similar and had come to a better understanding of what went wrong?
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On 15/07/13 07:04, Stefano Stabellini wrote:
> Xen VMs would not be able to benefit from it. I don't know about KVM.
Would you be able to elaborate on why not? I know Xen and KVM differ, but this is not a topic I have seen discussed at all before, so any insight would be helpful and appreciated! :)
digimer
On Mon, 15 Jul 2013, Digimer wrote:
> Would you be able to elaborate on why not? I know Xen and KVM differ, but this is not a topic I have seen discussed at all before, so any insight would be helpful and appreciated! :)
Because we don't have a paravirtualized interface to export the randomness to the guest. It would be a nice small little project to do that though.
On 16/07/13 06:30, Stefano Stabellini wrote:
> Because we don't have a paravirtualized interface to export the randomness to the guest. It would be a nice small little project to do that though.
Ah, ok. I'm an admin, not a programmer, so I am not sure what would be needed. Given how popular VMs are now, I can imagine it would be a nice feature to have. If it's a "small" project, then all the better! :)
Thanks!
I would second that, wish I had the knowledge to do it, but I can see a lot of useful applications, never worry about having enough entropy for various encryption engines, scientific projects, etc.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Tue, 16 Jul 2013, Digimer wrote:
> Date: Tue, 16 Jul 2013 12:20:17 -0400
> From: Digimer lists@alteeve.ca
> Reply-To: Discussion about the virtualization on CentOS centos-virt@centos.org
> To: Stefano Stabellini stefano.stabellini@eu.citrix.com
> Cc: Discussion about the virtualization on CentOS centos-virt@centos.org
> Subject: Re: [CentOS-virt] Would a hardware TRNG benefit VMs?
> Ah, ok. I'm an admin, not a programmer, so I am not sure what would be needed. Given how popular VMs are now, I can imagine it would be a nice feature to have. If it's a "small" project, then all the better! :)
> Thanks!
-- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? _______________________________________________ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
On 07/16/2013 10:44 PM, Robert Dinse wrote:
> I would second that, wish I had the knowledge to do it, but I can see a lot of useful applications, never worry about having enough entropy for various encryption engines, scientific projects, etc.
Try this: http://vanheusden.com/entropybroker/
I guess it's done in userspace already.
On Jul 16, 2013 10:20 AM, "Digimer" lists@alteeve.ca wrote:
> Ah, ok. I'm an admin, not a programmer, so I am not sure what would be needed. Given how popular VMs are now, I can imagine it would be a nice feature to have. If it's a "small" project, then all the better! :)
> Thanks!
There is such a thing, see https://fedoraproject.org/wiki/Features/Virtio_RNG
--Pete
On 16/07/13 18:01, Pete Travis wrote:
> There is such a thing, see https://fedoraproject.org/wiki/Features/Virtio_RNG
> --Pete
Ok, that is _awesome_! I hope it gets into RHEL 7. Thank you kindly for the link!
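The Virtio RNG feature linked in the thread gives a KVM guest a paravirtualized hardware RNG device. As an added example (not part of any message in this thread), this shell function checks from inside a Linux guest whether such a device is present and selected; the `ROOT` argument, the `RNG_CHECK_ROOT` variable and the state names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does this Linux guest see a paravirtualized RNG device?
# Reads the kernel's hw_random sysfs entries and the entropy_avail counter.
# The optional ROOT argument and the state names are illustrative assumptions.

read_first() { [ -r "$1" ] && cat "$1" 2>/dev/null || true; }

guest_rng_status() {
    root="${1:-}"
    hw="$root/sys/class/misc/hw_random"
    available=$(read_first "$hw/rng_available")
    current=$(read_first "$hw/rng_current")
    entropy=$(read_first "$root/proc/sys/kernel/random/entropy_avail")
    [ "$current" != "none" ] || current=""
    [ -n "$entropy" ] || entropy="unknown"

    # The virtio driver has registered as "virtio" and as "virtio_rng.N"
    # depending on kernel version, so match on the prefix.
    has_virtio=no
    for dev in $available; do
        case "$dev" in virtio*) has_virtio=yes ;; esac
    done

    case "$current" in
        virtio*) state="virtio-active" ;;
        "")
            if [ -z "$available" ]; then state="no-hwrng"
            else state="hwrng-unselected"; fi ;;
        *)
            if [ "$has_virtio" = yes ]; then state="virtio-not-selected"
            else state="other-hwrng"; fi ;;
    esac

    echo "state=$state current=${current:-none} entropy_avail=$entropy"
}

# Check the running system (or a copied tree named in RNG_CHECK_ROOT).
guest_rng_status "${RNG_CHECK_ROOT:-}"
```

A `virtio-active` result only shows that the guest kernel has the device selected; whether its output reaches the /dev/random pool depends on the guest kernel and on any feeder daemon it runs.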