This https://github.com/Whonix/whonix-libvirt/pull/87/files#r301910383 i.e. setting from
<backend model='random'>/dev/random</backend>
to
<backend model='random'>/dev/urandom</backend>
has to be carefully considered.
Is this recommended / discussed somewhere?
What would happen in the guest if /dev/random on the host (“backend”) blocks?
With havegend and/or jitterentropy-rngd installed on the host, neither /dev/random nor /dev/urandom seem to ever block.
Even without havegend and/or jitterentropy-rngd installed on the host, are inside VM issues, i.e. /dev/random entropy blocking/exhaustion issues ever been reported or reproducible?
If https://www.whonix.org/wiki/Dev/Entropy#.2Fdev.2Frandom_vs._.2Fdev.2Furandom i.e.
/dev/random vs. /dev/urandom
This debate comes from a misconception by the Linux manual writer. […]
is true, then /dev/random vs. /dev/urandom does not really matter and /dev/urandom would be secure either way.
On the other hand https://www.2uo.de/myths-about-urandom while “being a strong critic of using /dev/random” still concludes
Linux’s /dev/urandom happily gives you not-so-random numbers before the kernel even had the chance to gather entropy. When is that? At system start, booting the computer.
And I like to add: “When is that? At system start, booting the computer, or when there is a bug.”
It depends on how much entropy KVM reads from the virtio-rng backend and when that is happening. Since there probably never were blocking issues due to use of /dev/random instead of /dev/urandom (?), /dev/random seems better to me.