On Thu, Apr 24, 2014 at 11:39:42AM -0400, Paul Wouters wrote:
> On Thu, 24 Apr 2014, Florian Weimer wrote:
> 
> >I don't think "openssl genrsa 2048" has this issue on today's
> >machines.  (I know I saw it with GNUTLS.)
> 
> I was sceptical, so I tried this on a freshly booted VM:
> 
> root@bofh:~# virsh start north
> Domain north started
> root@bofh:~# ssh root@north
> Last login: Wed Apr 23 11:54:46 2014
> [root@north ~]# time openssl genrsa 2048
> [...]
> real  0m0.382s
> user  0m0.267s
> sys   0m0.003s
> 
> Call me very surprised! We finally have real entropy in VMs now. Good news!

Some virtual machines will have virtio-rng (a virtio device that
provides entropy to the guest from the host's /dev/urandom).  This
requires a driver, but it is commonly available in recent Linux
guests.

Some may have been created with virt-sysprep/virt-builder which adds
randomness directly to /var/lib/random-seed (or wherever systemd has
moved that file to this week).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
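
An added example, not part of the message above or of any Fedora or libvirt tooling: a guest-side check of whether virtio-rng is the kernel's active hardware RNG, read from the hw_random sysfs files. The function name `rng_status`, the `SYSROOT` override and the status strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Classify the guest's hardware RNG source from the hw_random sysfs files.
# $1 is an optional root prefix (hypothetical, for running the check
# against a constructed tree); leave it empty on a real guest.
rng_status() {
    root="${1:-}"
    dir="$root/sys/class/misc/hw_random"

    # Without the hw_random core there is no rng_current to inspect.
    if [ ! -d "$dir" ]; then
        echo "no-hwrng-core"
        return 0
    fi

    current=$(cat "$dir/rng_current" 2>/dev/null || true)
    available=$(cat "$dir/rng_available" 2>/dev/null || true)

    # Driver bound and selected: host entropy reaches the guest.
    case "$current" in
        virtio_rng*) echo "virtio-active"; return 0 ;;
    esac

    # Device and driver present, but another source is selected.
    case " $available " in
        *" virtio_rng"*) echo "virtio-present-inactive"; return 0 ;;
    esac

    # Nothing registered: the guest depends on its own entropy
    # collection plus whatever seed file was provisioned.
    if [ -z "$current" ] || [ "$current" = "none" ]; then
        echo "no-device"
        return 0
    fi

    echo "other-hwrng:$current"
}

rng_status "${SYSROOT:-}"
```

A result of `no-device` or `no-hwrng-core` on a guest that is expected to have virtio-rng usually means the device was not attached on the host side or the guest driver is not loaded.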