similar to: Can/should I mix entropy sources?

On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote: > Hello. I'm a distro maintainer and was wondering about the efficacy of > entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the > authors of haveged [0] pointed out if the hardware cycles counter is > emulated and deterministic, and thus predictible. He therefore does not > recommend using HAVEGE on

On Fri, 29 Jul 2016 15:12:30 +0200 Stephan Mueller <smueller at chronox.de> wrote as excerpted: > Am Freitag, 29. Juli 2016, 09:03:45 CEST schrieb Alex Xu: > > In my opinion, assuming I am not doing something terribly wrong, > > this constitutes a bug in the kernel's handling of getrandom calls > > at boot, possibly only when the primary source of entropy is >

Am Freitag, 29. Juli 2016, 10:14:07 CEST schrieb Alex Xu: Hi Alex, > On Fri, 29 Jul 2016 15:12:30 +0200 > > Stephan Mueller <smueller at chronox.de> wrote as excerpted: > > Am Freitag, 29. Juli 2016, 09:03:45 CEST schrieb Alex Xu: > > > In my opinion, assuming I am not doing something terribly wrong, > > > this constitutes a bug in the kernel's

Am Freitag, 29. Juli 2016, 10:14:07 CEST schrieb Alex Xu: Hi Alex, > On Fri, 29 Jul 2016 15:12:30 +0200 > > Stephan Mueller <smueller at chronox.de> wrote as excerpted: > > Am Freitag, 29. Juli 2016, 09:03:45 CEST schrieb Alex Xu: > > > In my opinion, assuming I am not doing something terribly wrong, > > > this constitutes a bug in the kernel's

On Fri, Jul 11, 2014 at 06:56:26PM +0530, Amit Shah wrote: > On (Wed) 09 Jul 2014 [12:07:25], Jason Cooper wrote: > > Amit, Kees, > > (snip) > > > I'm cooling to the idea of the init function for virtio-rng, and it > > might be best just to admit that there's no way to seed the entropy pool > > from the virtio-rng at probe time. After all, once

On Fri, Jul 11, 2014 at 06:56:26PM +0530, Amit Shah wrote: > On (Wed) 09 Jul 2014 [12:07:25], Jason Cooper wrote: > > Amit, Kees, > > (snip) > > > I'm cooling to the idea of the init function for virtio-rng, and it > > might be best just to admit that there's no way to seed the entropy pool > > from the virtio-rng at probe time. After all, once

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode

On (Thu) 07 Aug 2014 [12:31:11], H. Peter Anvin wrote: > On 08/07/2014 06:08 AM, Amit Shah wrote: > > On KVM guests where the virtio-rng device is available, and set as the > > current rng, this udev rule will start rngd which will feed in the > > host-provided entropy to /dev/random. > > > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > > ---

On (Wed) 09 Jul 2014 [12:07:25], Jason Cooper wrote: > Amit, Kees, (snip) > I'm cooling to the idea of the init function for virtio-rng, and it > might be best just to admit that there's no way to seed the entropy pool > from the virtio-rng at probe time. After all, once userspace is up, the > system should take advantage of /dev/hwrng for the generation of > long-term

Amit, Kees, On Wed, Jul 09, 2014 at 06:55:24PM +0530, Amit Shah wrote: > On (Wed) 09 Jul 2014 [09:17:37], Jason Cooper wrote: > > On Wed, Jul 09, 2014 at 06:38:22PM +0530, Amit Shah wrote: > > > On (Wed) 09 Jul 2014 [07:53:17], Jason Cooper wrote: > > > > On Sat, Jul 05, 2014 at 11:04:52AM +0530, Amit Shah wrote: > > > > > Commit d9e7972619334

Amit, Kees, On Wed, Jul 09, 2014 at 06:55:24PM +0530, Amit Shah wrote: > On (Wed) 09 Jul 2014 [09:17:37], Jason Cooper wrote: > > On Wed, Jul 09, 2014 at 06:38:22PM +0530, Amit Shah wrote: > > > On (Wed) 09 Jul 2014 [07:53:17], Jason Cooper wrote: > > > > On Sat, Jul 05, 2014 at 11:04:52AM +0530, Amit Shah wrote: > > > > > Commit d9e7972619334

On Feb 28, 2016, at 3:19 PM, William Warren <hescominsoon at gmail.com> wrote: > > I have a new centos 6 install. ?on what? A 64 MiB bargain basement VPS, an enterprise grade 32 GiB server, a reflashed network switch?? > I have disabled motd in ssh Why is that relevant? That message likely contains less than 1 kiB of ASCII text, and isn?t held in RAM continuously anyway. That

Hi, I've discovered an issue which I don't understand. On a new test install of EL9 I saw this message in the logs: Mar 01 08:09:18 <hostname> pcp-pmie[2870]: Low random number entropy available 15.6%avail at beta.corp.invoca.ch This is on a 64 core "AMD Opteron(tm) Processor 6282 SE" server but I also got the same low entropy on an EL9 KVM guest running on a "AMD

On KVM guests where the virtio-rng device is available, and set as the current rng, this udev rule will start rngd which will feed in the host-provided entropy to /dev/random. Signed-off-by: Amit Shah <amit.shah at redhat.com> --- 90-virtio-rng.rules | 1 + 1 file changed, 1 insertion(+) create mode 100644 90-virtio-rng.rules diff --git a/90-virtio-rng.rules b/90-virtio-rng.rules new

On Fri, Sep 19, 2014 at 1:21 PM, Nadav Amit <nadav.amit at gmail.com> wrote: > > On Sep 19, 2014, at 9:42 PM, Andy Lutomirski <luto at amacapital.net> wrote: > >> On Fri, Sep 19, 2014 at 11:30 AM, Christopher Covington >> <cov at codeaurora.org> wrote: >>> On 09/17/2014 10:50 PM, Andy Lutomirski wrote: >>>> Hi all- >>>>

On Fri, Sep 19, 2014 at 1:21 PM, Nadav Amit <nadav.amit at gmail.com> wrote: > > On Sep 19, 2014, at 9:42 PM, Andy Lutomirski <luto at amacapital.net> wrote: > >> On Fri, Sep 19, 2014 at 11:30 AM, Christopher Covington >> <cov at codeaurora.org> wrote: >>> On 09/17/2014 10:50 PM, Andy Lutomirski wrote: >>>> Hi all- >>>>

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using HAVEGE on those systems. Is this the case with KVM's counters? PS. I will be setting VM CPU

On Sep 19, 2014, at 9:42 PM, Andy Lutomirski <luto at amacapital.net> wrote: > On Fri, Sep 19, 2014 at 11:30 AM, Christopher Covington > <cov at codeaurora.org> wrote: >> On 09/17/2014 10:50 PM, Andy Lutomirski wrote: >>> Hi all- >>> >>> I would like to standardize on a very simple protocol by which a guest >>> OS can obtain an RNG seed

On Fri, Jul 29, 2016 at 01:31:14PM -0400, Alex Xu wrote: > > My understanding was that all three methods of obtaining entropy from > userspace all receive data from the CSPRNG in the kernel, and that the > only difference is that /dev/random and getrandom may block depending > on the kernel's estimate of the currently available entropy. This is incorrect. /dev/random is a