Port-xen archive
Re: /dev/random often empty
This showed up on the cryptography mailing list -- we should think hard
about it for Xen environments.
Begin forwarded message:
Date: Tue, 20 Mar 2007 20:14:26 -0400
From: Dan Geer <dan%geer.org@localhost>
To: cryptography%metzdowd.com@localhost
Subject: virtualization as a threat to RNG
Quoting from a discussion of threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:
> The second type of threat that Symantec believes could emerge is
> related to the impact that software-virtualized computers may have on
> random number generators that are used inside guest operating
> systems on virtual machines. This speculation is based on some
> initial work done by Symantec Advanced Threat Research in a paper
> on GS and ASLR in Windows Vista. This research showed that the
> method used to generate the random locations employed in some
> security technologies would, under certain circumstances, differ
> wildly in a software-virtualized instance of the operating
> system. If this proves to be true, it could have considerable
> implications for a number of different technologies that rely on
> good randomness, such as unique identifiers, as well as the seeds
> used in encryption.
--dan