poor entropy performance

[Tsso]

Many cryptographic operations depend on entropy. Having too few entropy available results in slow cryptographic operations. (https, gpg, etc.)

A simple test in Virtual Box with Debian Linux guest (rng-tools package) takes ages.

cat /dev/random | rngtest -c 100

Installing packages for entropy collection, such as haveged and/or randomsound, will astronomically speed up this test.

Since the packages depend on hardware and Virtual Box implements only virtual hardware, it's impossible to know if these packages would actually improve or worsen security (entropy quality).

There is no information about this topic available on virtualbox.org.

(Security aspects when not extra package for entropy collection is installed have their own ticket #11296.)

[frank]

The amount of available entropy depends always on the number of devices the system has access and how busy these devices are. A virtual machine usually implements fewer devices and therefore fewer sources of entropy than a bare-metal system. This problem is the same with all virtual machines, not only with VirtualBox and this is not really a VirtualBox bug. On many bare-metal systems you will see the same behavior if the system is idle.

[Tsso]

OK.

I think the recommendation is Virtual Box specific, since all Virtual Machines implement the hardware a bit different (TSC accurate or entropy). And those tools still depend on hardware.

Can you recommend a solution compatible/safe with Virtual Box please?  Haveged maybe? ( deb)

[tlhackque]

I use an entropykey (hardware RNG) on the host and serve it to the VM guests using entropy broker.

If you have a busy enough host, you may not need the hardware RNG. There are other hardware RNGs - some recent CPUs include them (and recent Linux exposes them).

For details:

 http://www.entropykey.co.uk/

 http://www.vanheusden.com/entropybroker/

YMMV