From: Jeff D. <jd...@ad...> - 2005-03-11 18:17:54

ro...@la... said:
> I'm just thinking about those UML hosting farms, with several UML
> instances per machine, on machines which haven't got a keyboard
> attached constantly feeding entropy into the pool. If just ONE of
> them is serving ssl connections from its own /dev/urandom, that would
> drain the /dev/random entropy pool on the host machine almost
> immediately...

All true (except for that last reference to urandom), but also irrelevant to whether UML's hwrng should be hooked up to the host's /dev/random or not.

As far as I can see, the only thing that matters is that hwrng should produce real randomness, and that can only be had by reading /dev/random (or maybe the host's /dev/hwrng, but that's supposed to be fed into /dev/random anyway). So, hooking up the UML /dev/hwrng to the host's /dev/urandom would be lying.

If the host's entropy pool gets drained as a result, I would say that's an application bug, and not a reason for UML to get its randomness from the host's /dev/urandom.

Jeff