On Tue, Jul 20, 2010 at 11:16 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
> A properly-designed cloud computing solution is one where the virtual
> machines being hosted in the cloud can be fully encrypted so that the
> hosting provider cannot (feasibly) glean any information from them.

I do not see a point of an encrypted guest on a third party host. If you control the host, couldn't you grab the encryption key from the running guest's RAM? Or, maybe you could seed the entropy that the guest sees, thus removing randomness and compromising any key generation on the guest?

I'm not saying that those things would be trivial to do - though I would guess the second time would be a lot easier for an attacker than the first. But, it doesn't seem proper to me to have something you need to encrypt on a guest on an untrusted host. (Excepting the obvious case where you're just storing a random file on the guest and never decrypting it or letting the keys into the RAM of the guest.)

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines