Opened 11 years ago
Last modified 10 years ago
#11297 new defect
poor entropy performance
| Reported by: | Tsso | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 4.2.4 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | all |
Description
Many cryptographic operations depend on entropy. Having too few entropy available results in slow cryptographic operations. (https, gpg, etc.)
A simple test in Virtual Box with Debian Linux guest (rng-tools package) takes ages.
cat /dev/random | rngtest -c 100
Installing packages for entropy collection, such as haveged and/or randomsound, will astronomically speed up this test.
Since the packages depend on hardware and Virtual Box implements only virtual hardware, it's impossible to know if these packages would actually improve or worsen security (entropy quality).
There is no information about this topic available on virtualbox.org.
(Security aspects when not extra package for entropy collection is installed have their own ticket #11296.)
Change History (3)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
comment:3 by , 10 years ago
I use an entropykey (hardware RNG) on the host and serve it to the VM guests using entropy broker.
If you have a busy enough host, you may not need the hardware RNG. There are other hardware RNGs - some recent CPUs include them (and recent Linux exposes them).
For details:
http://www.vanheusden.com/entropybroker/
YMMV
The amount of available entropy depends always on the number of devices the system has access and how busy these devices are. A virtual machine usually implements fewer devices and therefore fewer sources of entropy than a bare-metal system. This problem is the same with all virtual machines, not only with VirtualBox and this is not really a VirtualBox bug. On many bare-metal systems you will see the same behavior if the system is idle.