AretNCarlsen
- Karma
- 683
- Created
- February 22, 2010 (16y ago)
- Submissions
- 0
-
When running a server instance on Amazon/Rackspace/etc, where your server relies on /dev/random (e.g. for SSL and other cryptography),
-
4.) you have implemented your own RNG (e.g. *haveged* or a WAN-accessed entropy source).
-
1.) you haven't ever thought about whether /dev/random is reliable in a VM environment.
-
3.) you regularly run entropy testers against /dev/random to verify randomness (and hope/trust that the entropy you observe is unique, not copied to any other instances).
-
2.) you have thought about it, and chosen to hope/trust that the VM provider has implemented a reliable RNG (and that your server image/snapshot accesses it properly, especially restarted snapshots).
-
1.) you haven't ever thought about whether /dev/random is reliable in a VM environment.
-
2.) you have thought about it, and chosen to hope/trust that the VM provider has implemented a reliable RNG (and that your server image/snapshot accesses it properly, especially restarted snapshots).
-
3.) you regularly run entropy testers against /dev/random to verify randomness (and hope/trust that the entropy you observe is unique, not copied to any other instances).
-
4.) you have implemented your own RNG (e.g. *haveged* or a WAN-accessed entropy source).
-
3.) run entropy testers against /dev/random to verify entropy (and hope/trust that the entropy you observe is uninot copied to any other instances).
-
1.) haven't ever thought about whether /dev/random is reliable in a VM environment.
-
2.) have thought about it, and chosen to hope/trust that the VM provider has implemented a reliable RNG (and that your server image/snapshot accesses it properly, especially restarted snapshots).
-
4.) implement RNG independently in software (e.g. *haveged*).
-
Peachy Dandy [peachydandy.com], the web hosting service for two of my domains, ceased to be sometime on Sunday 2011-02-13. Nameserver domains unregistered, control panels inaccessible. No warnings, no email…