Hi!
Quoted form the haveged testing page [1]:
"[...] will behave similarly in a virtual environment is a more risky
proposition [...] there have been reports of VM that implement the
processor time stamp counter as a constant and there are known
differences in cpuid operation in others. [...]"
(Note the runtime checking is not yet available in the haveged Debian
package since the Debian package has not yet been updated to the latest
haveged version.)
Will haveged create sufficient entropy in Virtual Box? Luckily, haveged
comes with tools to check the if the entropy it creates.
The README in the haveged source folder and the haveged website [2]
contains instructions [1] for testing haveged.
apt-get source haveged
cd haveged-*
./configure --enable-nistest
make check
## perhaps repeat
#make clean
#make check
Should say something like
0 failed individual tests
PASS: nist/test.sh
==================
All 2 tests passed
==================
The tests succeeded. The maintainer is very well aware of it and even
included run-time checks in the latest version. I can not determine
whether it's perfectly safe, but I can say: no known vulnerabilities.
Cheers,
adrelanos
[1]
http://www.issihosts.com/haveged/ais31.html
[2]
http://www.issihosts.com/haveged/index.html