[Cialug] Get Random in VMware

Zachary Kotlarek zach at kotlarek.com
Wed Jul 20 13:54:13 CDT 2016


On 20 Jul 2016, at 11:30, Todd Walton wrote:

> Anybody know of a better way of getting randomness in a VMware virtualized
> Red Hat / CentOS guest than /dev/random? /dev/random and /dev/urandom take
> *forever* to churn out random numbers. On the order of approximately a byte
> every 3 seconds.
>
> haveged maybe?
>
> http://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines


CPU jitter (which is what HAVEGE uses) is the most commonly available source; it’s available on any system with access to high-resolution timers, which are available on most modern CPUs including VMs. Some VM environments will pass through access to the host’s entropy source, but if you don’t control the host (or it doesn’t have a source that’s supported for pass through) that may not be available.

Starting in kernel 4.2 there’s the jitterentropy_rng module (config name: CRYPTO_JITTERENTROPY) based on the conceptually similar work from http://www.chronox.de/jent.html. It requires a userland daemon to manage the entropy estimate (which is important if you want to consume from /dev/random at speed) but actual entropy generation is in-kernel and produces something like 10 KBps on mid-range hardware.

	Zach
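
A quick check of the three things this reply mentions on a guest (the kernel's entropy estimate, a host-provided hardware RNG, and whether jitterentropy_rng is registered), as an added example that is not part of the original message. The function names, the optional root-prefix argument (`RNG_ROOT`) and the 256-bit "starved" threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic. Each function takes an optional root prefix (an assumption
# of this example) so it can also be pointed at a constructed /proc and /sys tree.

# Kernel's current entropy estimate in bits, or "unknown" if not readable.
entropy_avail() {
    f="${1:-}/proc/sys/kernel/random/entropy_avail"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Name of the hardware RNG feeding /dev/hwrng (for example one passed through
# by the host), or "none" when the guest has no such device.
hwrng_current() {
    f="${1:-}/sys/class/misc/hw_random/rng_current"
    cur=""
    if [ -r "$f" ]; then cur=$(cat "$f"); fi
    case "$cur" in
        ""|none) echo none ;;
        *) echo "$cur" ;;
    esac
}

# True when jitterentropy_rng is registered with the kernel crypto API,
# whether it was loaded as a module or built in.
jitterentropy_present() {
    grep -Eqs '^name[[:space:]]*:[[:space:]]*jitterentropy_rng$' "${1:-}/proc/crypto"
}

# One-line summary. The 256-bit "starved" threshold is illustrative only.
rng_verdict() {
    root="${1:-}"
    avail=$(entropy_avail "$root")
    hw=$(hwrng_current "$root")
    if jitterentropy_present "$root"; then jent=yes; else jent=no; fi
    state=ok
    if [ "$avail" = unknown ]; then
        state=unknown
    elif [ "$avail" -lt 256 ]; then
        state=starved
    fi
    echo "entropy_avail=$avail hwrng=$hw jitterentropy_rng=$jent state=$state"
}

rng_verdict "${RNG_ROOT:-}"
```

A guest that reports `hwrng=none` and `jitterentropy_rng=no` has neither of the sources discussed above and is a candidate for a userland jitter collector such as haveged.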