Issue T31: forward randomness from /dev/random to VMs in Qubes

WhonixQubes · January 11, 2015, 7:39am

[b]Issue T31: forward randomness from /dev/random to VMs in Qubes

January 1, 2015

https://phabricator.whonix.org/T31[/b]

Talked to Joanna at C1C3.
Qubes does not forward real randomness from /dev/random to VMs yet. They have no plans to add this feature yet.

Although Qubes installs haveged by default, it’s not clear if that is random enough. Randomness is a very difficult topic. Difficult to get down the rabbit hole. It’s better to bootstrap haveged with strong entropy and to have multiple sources of randomness.

In comparison, for KVM there is VirtIO RNG.

VirtIO RNG is a paravirtualized device that is exposed as a hardware RNG device to the guest.

And I don’t think they implemented this because they were bored. I think in this case it’s better to be safe than sorry.

She said one could implement this using qrexec and that they would merge a patch implementing this.

See also:
https://qubes-os.org/ticket/673
General info on randomness:
https://www.whonix.org/wiki/Dev/Entropy</blockquote>

WhonixQubes · January 11, 2015, 9:11pm

Important security issue!

Will have to get to this as I bring my current backlog of work up to date.