[onerng talk] Ubuntu's Pollinate: Distributing Entropy to VMs

Jim Cheetham jim at gonzul.net
Mon Mar 2 08:56:09 GMT 2015

On Mon, Mar 2, 2015 at 12:08 PM, Paul Warren <pwarren at pwarren.id.au> wrote:
> http://bazaar.launchpad.net/~kirkland/pollen/trunk/view/head:/README

That website does a terrible job of presenting content; I couldn't
adjust the width of the display!
might be a better starting point.

> Looks interesting, haven't gone deep into it, but I know it was
> something Jim was looking for!

Yes, it looks like the "utility" part of the solution - i.e. he
probably got it working, but the pollinate shell script just writes
into /dev/urandom from userspace, so he isn't affecting the kernel
entropy estimates at all.

Turns out from reading the comments that I had commented on this a
year ago already. I still think it looks like a minimal design - plus,
it uses TLS, which sounds fine but you're starting from a VM with low
entropy and asking for your *seed* random data?

IIRC some of the VM providers do give each VM a separate disk pool of
random data when the instances are created, but that just sounds like
pushing the chicken-and-egg further back.
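
Added example, not part of the original message and not pollinate's code: the distinction drawn in the message above, in C for Linux. A plain write() to /dev/urandom mixes bytes in without credit, while the RNDADDENTROPY ioctl also raises the kernel's entropy estimate; the function names and the all-zero seed buffer are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>

/* Kernel's current entropy estimate in bits, or -1 if fd is not the RNG. */
int entropy_estimate(int fd) {
    int bits = -1;
    return ioctl(fd, RNDGETENTCNT, &bits) < 0 ? -1 : bits;
}

/* Plain write(): bytes are mixed into the pool but credited as 0 bits.
 * This is what a shell redirect into /dev/urandom does; any user may do it. */
int mix_uncredited(int fd, const void *seed, size_t len) {
    return write(fd, seed, len) == (ssize_t)len ? 0 : -1;
}

/* RNDADDENTROPY: mix the bytes AND raise the estimate by credit_bits.
 * Requires CAP_SYS_ADMIN, so the caller is vouching for the seed's quality. */
int mix_credited(int fd, const void *seed, size_t len, int credit_bits) {
    if (credit_bits < 0 || (size_t)credit_bits > len * 8) {
        errno = EINVAL;   /* never claim more entropy than bits supplied */
        return -1;
    }
    struct rand_pool_info *info = malloc(sizeof(*info) + len);
    if (!info) return -1;
    info->entropy_count = credit_bits;
    info->buf_size = (int)len;          /* size in bytes */
    memcpy(info->buf, seed, len);
    int rc = ioctl(fd, RNDADDENTROPY, info);
    free(info);
    return rc < 0 ? -1 : 0;
}

int main(void) {
    unsigned char seed[64] = {0};   /* constructed placeholder, not a real seed */
    int fd = open("/dev/urandom", O_RDWR);
    if (fd < 0) { perror("open"); return 1; }
    printf("before: %d bits\n", entropy_estimate(fd));
    int rc = mix_uncredited(fd, seed, sizeof seed);
    printf("write rc=%d, now %d bits\n", rc, entropy_estimate(fd));
    if (mix_credited(fd, seed, sizeof seed, 0) < 0) perror("RNDADDENTROPY");
    close(fd);
    return 0;
}
```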


