Over the past week or so, several articles have turned up in such esteemed publications as Slashdot linking to Forbes.com and Information Week regarding the fact that cloud computers have issues getting at those precious bits of entropy required to secure SSL transactions and the like.
Indeed, modern GNU/Linux distributions, and various other operating
systems, rapidly consume the available entropy during normal operations.
Ubuntu 9.04, at least, uses
order to reduce the effectiveness of attacks since no two shells will
have the same layout of address space etc. You can read more about ASLR
if you want to. Essentially, ASLR is done by reading 64 bits of data
/dev/urandom during process startup and then using that to seed a
PRNG which is then used to peturb the layout of the dynamically loaded
objects in the process. Indeed if the process itself is compiled
appropriately then the main executable can be moved about from process
start to process start.
All this, unfortunately, depletes the pool of entropy available to the
/dev/urandom continues to work when the pool is
depleted, and indeed will not reduce the pool below a threshold value
regardless of how much it is used. However this does open the door to
the question of whether or not there might be an attack related to
causing a server to spawn enough processes that it has insufficient
entropy to subsequently establish a good SSL session or similar.
Normally a Linux system will gather entropy from such things as the miniscule differences in HDD response times, interrupts from keyboards and mice, etc. However a virtual computer (KVM, VMWare, Cloud system etc) doesn’t tend to have a real HDD, or in many cases, any useful amount of interactivity to produce entropic events to be measured. This results in cloud computers often having little to no entropy and no real way of gathering more. Some people believe this leads to being able to predict the random pool of one virtual machine, using the pool of a clone of it.
When Simtec first started talking about the Entropy Key we were inundated with people interested in whether or not it’d help for virtual machines. Initially we assumed it would, but after spending a long time poking at the Linux kernel, at KVM etc, we determined that unfortunately it wouldn’t usefully help in the state it was in. So, I spent some time and updated the Entropy Key’s host software to support the EGD’s protocol, over both unix domain sockets and TCP. This, along with another simple tool which can connect to an EGD socket and push entropy into the Linux random pool, means that we have an, admittedly network-reliant, excellent way to push entropy from one host with a physical Entropy Key, to one or more systems for use in their random pools.
When the Entropy Key is released, the host software will be released as free software (under the MIT licence) and as such we hope that if anyone else has any cool ideas, for helping with getting entropy to cloud computers, they will send patches. I’m exceedingly proud that we’re releasing the host software under a F/LOSS licence and I hope that anyone who runs lots of VMs will be interested in this latest development in the host software too. If you are interested, be sure to check out the Entropy Key Website and send us a mail if you want to be told when retail units become available.