On 2/24/2012 6:08 AM, Manuel Bouyer wrote:
> On Thu, Feb 23, 2012 at 10:37:28PM -0500, David Howland wrote:
>> Does a Xen machine have any way to generate entropy?
>
> Not a strong one. The only sources of entropy are xbd and xennet which are disabled by default (because they're probably not very good) but can be enabled with rndctl. AFAIK no interface has been designed to get some entropy from dom0.

That's very interesting, and similar to what I expected to hear. This seems like a problem for a person or company that has virtualized their servers. A quick Google search reveals that Linux had this problem too, although I didn't find if they did something to solve it. It also turned this up [https://lkml.org/lkml/2006/5/12/103], which describes why entropy collection is disabled by default. I will enable collection on xbd and xennet because I'm not worried about that kind of attack vector.
thanks, -d