[140325] in cryptography@c2.net mail archive
Re: CPRNGs are still an issue.
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Dec 17 12:19:42 2008
Cc: Damien Miller <djm@mindrot.org>,
"James A. Donald" <jamesd@echeque.com>,
cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
To: Joachim@Strombergson.com
In-Reply-To: <4946AFD6.6000703@Strombergson.com>
Date: Tue, 16 Dec 2008 17:23:20 -0500
On Dec 15, 2008, at 2:28 PM, Joachim Str=F6mbergson wrote:
> ...One could probably do a similar comparison to the increasingly =20
> popular
> idea of building virtual LANs to connect your virtualized server =20
> running
> on the same physical host. Ethernet frame reception time variance as
> well as other real physical events should take a hit when moving into
> the virtualization domain. After all, replacing physical stuff with SW
> is the whole point of virtualization.
>
> Does anybody know what VMware, Parallels etc do to support entropy for
> sources like this, or is it basically a forgotten/skipped/ignored =20
> feature?
They don't seem to be doing very much yet - and the problems are very =20=
real. All sorts of algorithms assume that an instance of a running OS =20=
has some unique features associated with it, and at the least (a) =20
those will be fairly stable over time; (b) there will never be two =20
instances at the same time. In different contexts and uses, =20
virtualization breaks both of these. The virtual image captures =20
everything there is to say about the running OS and all its =20
processes. Nothing stops you from running multiple copies at once. =20
Nothing stops you from saving an image, so replaying the same machine =20=
state repeatedly. Conversely, if something in the underlying hardware =20=
is made available to provide uniqueness of some kind, the ability to =20
stop the VM and move it elsewhere - typically between almost any two =20
instructions - means that you can't rely on this uniqueness except in =20=
very constrained ways.
People move to virtualization with the idea that a virtual machine is =20=
just like a physical machine, only more flexible. Well - it's either =20=
"just like", or it's "more flexible"! It can't be both. In fact, =20
"more flexible" is what sells virtualization, and the effects can be =20
very subtle and far-reaching. We don't really understand them.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
