NetBSD-Users archive


Re: WARNING pseudorandom rekeying



On Sun, Dec 29, 2013 at 03:05:12AM +0100, Jean-Yves Migeon wrote:
> It means that the RNG was seeded with a (supposedly) bad state, e.g.
> with not enough random bits to be deemed safe.
> 
> It is generally not safe to keep long term keys generated during
> that state.

IMO there is something to fix, as it is easy to miss the message 
during first boot.

> IMHO long term keys should not be created directly from a domU, let
> alone a VM; running a "dd if=/dev/random count=16 bs=1" can almost
> hang indefinitely in a domU, or (even worse) output not-so-random
> bits with other kinds of VM subsystems (KVM without virtio-rng
> drivers). On a generic host it should return almost instantly.

If I understand correctly, the only problem for keys generated in
a NetBSD domU is performance? If there is not enough randomness,
it will just wait?

-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

