VirtualBox

Ticket #11297 (new defect)

Opened 6 years ago

Last modified 6 years ago

poor entropy performance

Reported by: Tsso
Owned by:
Component: other
Version: VirtualBox 4.2.4
Keywords:
Cc:
Guest type: other
Host type: all

Description

Many cryptographic operations depend on entropy. Having too little entropy available results in slow cryptographic operations (https, gpg, etc.).

A simple test in VirtualBox with a Debian Linux guest (rng-tools package) takes ages.

cat /dev/random | rngtest -c 100

Installing packages for entropy collection, such as haveged and/or randomsound, will astronomically speed up this test.

Since the packages depend on hardware and VirtualBox implements only virtual hardware, it's impossible to know if these packages would actually improve or worsen security (entropy quality).

There is no information about this topic available on virtualbox.org.

(Security aspects when no extra package for entropy collection is installed have their own ticket #11296.)

Change History

comment:1 Changed 6 years ago by frank

The amount of available entropy always depends on the number of devices the system has access to and how busy these devices are. A virtual machine usually implements fewer devices and therefore fewer sources of entropy than a bare-metal system. This problem is the same with all virtual machines, not only with VirtualBox, and this is not really a VirtualBox bug. On many bare-metal systems you will see the same behavior if the system is idle.

comment:2 Changed 6 years ago by Tsso

OK.

I think the recommendation is VirtualBox-specific, since all virtual machines implement the hardware a bit differently (TSC accurate or entropy). And those tools still depend on hardware.

Can you recommend a solution compatible/safe with VirtualBox please? Haveged maybe? ( deb)

comment:3 Changed 6 years ago by tlhackque

I use an entropykey (hardware RNG) on the host and serve it to the VM guests using entropy broker.

If you have a busy enough host, you may not need the hardware RNG. There are other hardware RNGs - some recent CPUs include them (and recent Linux exposes them).

For details:

 http://www.entropykey.co.uk/

 http://www.vanheusden.com/entropybroker/

YMMV
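
Added example, not part of the ticket or any commenter's post: a guest-side check of which entropy sources the thread mentions (kernel pool estimate, CPU RNG instructions, an exposed hardware RNG) are visible inside a Linux VM. The `/proc` and `/sys` paths are standard Linux interfaces; `ROOT`, `LOW_WATER` and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the ticket): list the entropy sources a Linux guest sees.
# ROOT is a hypothetical knob: empty on a real guest so the real /proc and /sys
# are read; point it at a constructed directory tree to test the functions.
ROOT="${ROOT:-}"
LOW_WATER="${LOW_WATER:-200}"   # assumed threshold in bits, not a kernel constant

# Kernel's current entropy estimate in bits (0 if the file is unreadable).
entropy_avail() {
    cat "$ROOT/proc/sys/kernel/random/entropy_avail" 2>/dev/null || echo 0
}

# CPU RNG instructions advertised to the guest, e.g. "rdrand rdseed" (empty if none).
cpu_rng_flags() {
    grep -m1 '^flags' "$ROOT/proc/cpuinfo" 2>/dev/null |
        tr ' \t' '\n\n' | grep -E '^(rdrand|rdseed)$' | sort -u | paste -sd' ' -
}

# Driver currently backing /dev/hwrng, or "none" when no hardware RNG is exposed.
hwrng_current() {
    cur=$(cat "$ROOT/sys/class/misc/hw_random/rng_current" 2>/dev/null || true)
    case "$cur" in ''|none) echo none ;; *) echo "$cur" ;; esac
}

# One-line summary plus a verdict on where extra entropy could come from.
assess() {
    bits=$(entropy_avail); flags=$(cpu_rng_flags); hw=$(hwrng_current)
    if [ "$hw" != none ]; then verdict="hwrng-available"
    elif [ -n "$flags" ]; then verdict="cpu-rng-available"
    elif [ "$bits" -lt "$LOW_WATER" ]; then verdict="starved-no-hw-source"
    else verdict="ok"
    fi
    echo "entropy_avail=$bits hwrng=$hw cpu_rng=${flags:-none} verdict=$verdict"
}

assess
```

The script only reports which sources are present; it does not measure the quality of the entropy they produce.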
