Re: [PATCH v4 0/5] /dev/random - a new approach

From: Austin S. Hemmelgarn
Date: Tue Jun 21 2016 - 13:54:24 EST


On 2016-06-21 13:23, Stephan Mueller wrote:
Am Dienstag, 21. Juni 2016, 13:18:33 schrieb Austin S. Hemmelgarn:

Hi Austin,

You have to trust the host for anything, not just for the entropy in
timings. This is completely invalid argument unless you can present a
method that one guest can manipulate timings in other guest in such a
way that _removes_ the inherent entropy from the host.

When dealing with almost any type 2 hypervisor, it is fully possible for
a user other than the one running the hypervisor to manipulate
scheduling such that entropy is reduced. This does not imply that the

Please re-read the document: Jitter RNG does not rest on scheduling.
If you are running inside a VM, your interrupt timings depend on the hpyervisor's scheduling, period. You may not directly rely on scheduling from the OS you are running on, but if you are doing anything timing related in a VM, you are at the mercy of the scheduling used by the hypervisor and whatever host OS that may be running on.

In the attack I"m describing, the malicious user is not manipulating the guest OS's scheduling, they are manipulating the host system's scheduling.