Evaluate how safe haveged is in a virtualized environment
haveged relies on the RDTSC instruction, that apparently is useless in “some” virtualized environments:
- http://sources.debian.net/src/haveged/1.9.1-1/debian/README.Debian/
- https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines
- https://github.com/globaleaks/GlobaLeaks/issues/720#issuecomment-29251112
- https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02
- Concurrency as a Random Number Generator - Technical Report and its companion
- schleuder/schleuder#194 mentions also https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit /cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392 and https://lists.cert.at/pipermail/ach/2017-May/002251.html
We should research this further. A good question would be: would we be better off if we did not ship haveged at all, and instead relied only on the standard Linux entropy gathering method (that also likely has flaws when used in a VM)?
Related issues
- Related to #5650 (closed)
- Related to #6116
- Related to #10779 (closed)
- Related to #11898 (closed)
- Related to #17154
Original created by @intrigeri on 7102 (Redmine)