adrelanos:
> Hi!
>
> Quoted form the haveged testing page [1]:
> "[...] will behave similarly in a virtual environment is a more risky
> proposition [...] there have been reports of VM that implement the
> processor time stamp counter as a constant and there are known
> differences in cpuid operation in others. [...]"
>
> (Note the runtime checking is not yet available in the haveged Debian
> package since the Debian package has not yet been updated to the latest
> haveged version.)
>
> Will haveged create sufficient entropy in Virtual Box? Luckily, haveged
> comes with tools to check the if the entropy it creates.
>
> The README in the haveged source folder and the haveged website [2]
> contains instructions [1] for testing haveged.
>
> apt-get source haveged
> cd haveged-*
> ./configure --enable-nistest
> make check
>
> ## perhaps repeat
> #make clean
> #make check
>
> Should say something like
>
> 0 failed individual tests
> PASS: nist/test.sh
> ==================
> All 2 tests passed
> ==================
>
> The tests succeeded. The maintainer is very well aware of it and even
> included run-time checks in the latest version. I can not determine
> whether it's perfectly safe, but I can say: no known vulnerabilities.
I recently wrote a post about entropy collection for Qubes OS, which has
a similar problem (entropy starved VMs).
While writing the post I came across this great LWN article
https://lwn.net/Articles/525459/
Near the end it discusses HAVEGE with the startling point:
"One of Peter's colleagues replaced the random
input source employed by HAVEGE with a constant
stream of ones. All of the same tests passed."
