Port-xen archive

Re: Xen nuisance messages



On Fri, Feb 24, 2012 at 07:20:15PM -0500, Greg Troxel wrote:
> 
> "Luke S. Crawford" <lsc%prgmr.com@localhost> writes:
> 
> > What I want is a userland program that can connect over the network 
> > to an 'entropy server' -  a dedicated server with a hardware entropy
> > generation dongle, and suck down the entropy it wants.  
> 
> A problem with this approach is that if you want entropy to use for
> generating keys, you have to keep the entropy hidden from the adversary.
> The point, generally, is to create session keys, DH ephemeral half-keys,
> etc. that are unpredictable to others.  So getting cleartext random bits
> doesn't really help if your threat model includes the local net (which
> absent very special circumstances it seems like it should).

Yes, but I think something like SSL could mitigate that problem.