Re: [PATCH v4 0/5] /dev/random - a new approach
From: Austin S. Hemmelgarn
Date: Tue Jun 21 2016 - 13:54:24 EST
On 2016-06-21 13:23, Stephan Mueller wrote:
Am Dienstag, 21. Juni 2016, 13:18:33 schrieb Austin S. Hemmelgarn:
Hi Austin,
You have to trust the host for anything, not just for the entropy in
timings. This is completely invalid argument unless you can present a
method that one guest can manipulate timings in other guest in such a
way that _removes_ the inherent entropy from the host.
When dealing with almost any type 2 hypervisor, it is fully possible for
a user other than the one running the hypervisor to manipulate
scheduling such that entropy is reduced. This does not imply that the
Please re-read the document: Jitter RNG does not rest on scheduling.
If you are running inside a VM, your interrupt timings depend on the
hpyervisor's scheduling, period. You may not directly rely on
scheduling from the OS you are running on, but if you are doing anything
timing related in a VM, you are at the mercy of the scheduling used by
the hypervisor and whatever host OS that may be running on.
In the attack I"m describing, the malicious user is not manipulating the
guest OS's scheduling, they are manipulating the host system's scheduling.