I want to get a an idea of the rng throughput on machines different than mine so I can have an idea on a seinsible default to rate limit virtio-rng’s access to a guest will be.
The current limit of 1 kb/s is extremely low bordering on useless.
Note that you don’t have to be a Linux baremetal user to try this out.
Test:
-
Run: dd if=/dev/random bs=1k count=1 for 5 times then average the results
-
Please do not run any crypto intensive operations on your machine during this test as it will skew results because some of the rng input will be used up.
On baremetal Debian-8,
506 kB/s
69.0 kB/s
0.0 kB/s
0.0 kB/s
0.0 kB/s
Seemed strange so I looked it up. Something to do with limited “entropy pool”. [ironically, my forum name doesn’t indicate any expertise.]
stackexchange
stackoverflow
superuser
Results from Qubes/Xen VM were also highly volatile but fluctuated in both directions.
Qubes/Xen VM, 1 vcpu, Whonix-Workstation:
141 kB/s
969 kB/s
77 kB/s
89 kB/s
92 kB/s
2nd Qubes/Xen VM, 1 vcpu, Whonix-Workstation:
41.7 kB/s
82.5 kB/s
73 kB/s
97 kB/s
41 kB/s
Also strange, it seems Whonix-Workstation never runs out of entropy.
Thanks for testing. The 0 kb/s means the pool is blocking because entropy has been used up and its waiting for new random bytes to generate.
Inside VMs I see something similar here. The VM entropy seems higher and non exhaustible. This is probably the result of running on virtual hardware. Only Dom0 readings would be realistic I think.
###Qubes R3.2/Whonix 13
####Whonix-WS with haveged:
250 kB/s
193 kB/s
233 kB/s
229 kB/s
245 kB/s
####Whonix-WS without haveged:
244 kB/s
89.3 kB/s
0.0 kB/s
0.0 kB/s
0.0 kB/s
####Dom0 without haveged:
2.2 MB/s
2.2 MB/s
2.2 MB/s
1.9 MB/s
1.9 MB/s