Slashdot Mirror

← Back to Stories (view on slashdot.org)

Entropy Problems For Linux In the Cloud

Posted by kdawson on from the mehr-Zufälligkeit dept.

CalTrumpet writes "Our research group recently spoke at Black Hat USA on the topic of cloud computing security. One of the interesting outcomes of our research was the discovery that the combination of virtualization technologies and public system images results in a problem for random number generation on guest operating systems. This is especially true for Linux, since its PRNG uses only a small set of entropy-gathering events, and virtual Linux images often generate SSH host keys within seconds of their initial boot. The slides are available; the PRNG vulnerability material begins at slide 63."

8 of 179 comments (clear)

  1. The main problem with cloud computing by Anonymous Coward · · Score: 0, Funny

    is that it doesn't exist. It's a farce, a meaningless buzzword, just like web 2.0.

    A more appropriate word would be servers.

  2. Much ado about nothing. by Facegarden · · Score: 5, Funny

    All this complaining over random numbers is silly. All you really have to do is use 5. It's just as random as any other number, and it's easy to generate a 5.
    -Taylor

    --
    Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
    1. Re:Much ado about nothing. by BobisOnlyBob · · Score: 5, Funny

      This only proves how easy it is to generate a (5, Funny).

    2. Re:Much ado about nothing. by hannson · · Score: 2, Funny

      int getRandomNumer()
      {
              return 4; // chosen by fair dice roll.
      // guaranteed to be random.
      }

  3. Re:Getting creative by JWSmythe · · Score: 3, Funny

        Well, clearly that "Linux" thing is a toxic gas weapon being used by the reds. Ya, I'd worry about them blowing up a chemical weapon in the clouds. They obviously got the technology from the Nazi's (no, not a candidate for Godwin's law).

        I don't know about you, but I'm grabbing my M1 Garand and heading down to the shelter under the house. Once that Linux stuff clears, I'll they'd better have thought twice about attackin' my good ol US of A.

        Well, you asked what they would have though 50 years ago, didn't you? :)

       

    --
    Serious? Seriousness is well above my pay grade.
  4. FTA... by NotBorg · · Score: 4, Funny

    "This falls somewhere between a very big deal and irrelevant," says Wagner.

    I'm glad he cleared that up for me.

    --
    I want this account deleted.
  5. The generation of random numbers... by ameline · · Score: 5, Funny

    As has been so often said, the generation of random numbers is too important to be left to chance. :-)

    --
    Ian Ameline
  6. Re:Linux has a paravirtual entropy driver by plasmacutter · · Score: 2, Funny

    I heard the aliens from zeta reticuli utilize paravirtual entropy drivers to get to earth.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!