[ALUG] Entropy on virtual machines

Andreas Tauscher ta at geuka.net
Thu Jan 2 17:07:10 EAT 2014


On 14.12.2013 21:31, Andreas Tauscher wrote:
> is low.
> I just faced the problem that the regeneration of SSL parameters took ages.....
> On virtual machines the randomness is low. Since all hardware is virtual
> there is no real source for the random number generator of the kernel.
> Install the rng-tools and add (Debian/Ubuntu) in /etc/default/rng-tools:
> HRNGDEVICE=/dev/urandom
> and restart the rng-tools.

I must revise this a little bit.
There is a bug in the thinking.
The problem is the difference between /dev/random and /dev/urandom.
/dev/random is a blocking device, /dev/urandom is nonblocking.
If the entropy pool (a buffer with random numbers) of the system is
empty, /dev/random does not return the next value before the pool is
filled again up to a watermark. /dev/urandom is nonblocking; if the pool
is empty it reuses old values.
So using /dev/urandom to feed /dev/random makes the random numbers
less random. So the quality of the generated keys is lower.

If the server has no hardware random number generator, things like the
soundcard [1] or anything else that normally makes unwanted noise can be
used as a source.

Andreas


[1] http://www.vanheusden.com/aed/
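
A check for the setting this message revises, as an added example that is not part of the original post: it reads HRNGDEVICE from the rng-tools defaults file, flags it when it points back at a kernel random device, and reports the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail. The function names and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the rng-tools defaults file for the HRNGDEVICE setting
# discussed in the post. Function names and labels are hypothetical.

# Print the effective HRNGDEVICE value from a defaults file. The last
# uncommented assignment wins, as it would when the file is sourced.
hrng_device() {
    sed -n 's/^[[:space:]]*HRNGDEVICE=//p' "$1" 2>/dev/null |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Classify the source: a kernel device feeding the kernel pool is a loop
# that adds no outside randomness; anything else is an external source.
classify_hrng() {
    dev=$(hrng_device "$1")
    case "$dev" in
        "")                       echo "unset" ;;
        /dev/urandom|/dev/random) echo "kernel-loop:$dev" ;;
        *)                        echo "external:$dev" ;;
    esac
}

# Read the kernel's entropy estimate in bits. The path argument is optional
# and exists so the function can be pointed at a test file.
entropy_avail() {
    cat "${1:-/proc/sys/kernel/random/entropy_avail}" 2>/dev/null || echo "unknown"
}

# One-line report; returns 1 when rngd is configured to feed the kernel
# pool from the kernel's own output, 0 otherwise.
audit_rng() {
    conf=${1:-/etc/default/rng-tools}
    state=$(classify_hrng "$conf")
    echo "entropy_avail=$(entropy_avail "$2") hrngdevice=$state"
    case "$state" in
        kernel-loop:*) return 1 ;;
    esac
    return 0
}

# Usage on a Debian/Ubuntu guest:  audit_rng || echo "fix HRNGDEVICE"
```
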




