Whether you want to build the software, run it, grow the community or just learn more about it, there will be content, workshops and design sessions for you to attend at the OpenStack Summit, Oct 15-18 in San Diego. Stick around Friday for the first OpenStack service day, a 1/2 day beach cleanup.

Thursday, October 18 • 2:20pm - 3:00pm
Entropy (or lack thereof) in OpenStack Instances

The lack of quality sources of entropy in cloud computing environments is a problem that has gained considerable attention this year, and it has consequences that permeate the entire fabric of cryptography in enterprises. Virtual machines typically lack physical hardware devices that provide random noise, such as microphones, wireless adapters, or serial bus interrupts. Monitoring network interrupts generated by traffic (such as ARP requests) is one of the few sources of unpredictable input in cloud networks, but even that traffic can be somewhat scarce in some networks. Without sufficient randomness, servers routinely generate vulnerable TLS certificates and predictable RSA/DSA private SSH keys.

In this session, we’ll discuss a draft RFC proposing a network protocol for peer-to-peer exchange of randomness, review an open source implementation of that protocol in C, consider the results of some entropy quality tests, and propose its inclusion as an OpenStack Incubator project. We’ll consider the opportunity for collaboration among cloud guests to interchange randomness in ways that defy prediction by outside observers, internal users, and offline users.

We'll also discuss other potential solutions to the problem, such as passing through Intel's new DRNG to guests, extending Nova to seed guests with better entropy through a virtio or disk device, as well as other suggestions brought by attendees.

Dustin Kirkland

CTO, Gazzang, Inc.
Dustin Kirkland drives the technical vision, competitive strategy and product roadmap for Gazzang. Dustin has more than 10 years of experience developing and deploying Linux and other open source-related solutions, and is a co-author of eCryptfs, an enterprise-class, stacked cryptographic...

Thursday October 18, 2012 2:20pm - 3:00pm PDT
Manchester E

Attendees (0)