[b]Issue T32: check if the haveged entropy gathering daemon passes entropy tests in Qubes
Posted by @Patrick
January 1, 2015
https://phabricator.whonix.org/T32[/b]
General info on entropy: https://www.whonix.org/wiki/Dev/EntropyInstructions on how to test haveged:
Entropy, Randomness, /dev/random vs /dev/urandom, Entropy Sources, Entropy Gathering Daemons, RDRAND
[quote=“Qubonix, post:4, topic:769”][quote author=Patrick link=topic=847.msg6213#msg6213 date=1420130255]
check if the haveged entropy gathering daemon passes entropy tests in Qubes:
https://phabricator.whonix.org/T32
[/quote]
Please check my pastedump links. All tests were done inside the same Whonix-Workstation AppVM, based on nrgaways template.
Haveged off:
http://pastedump.eu/bTJwjRHX
http://pastedump.eu/lfzalBt8
http://pastedump.eu/gX0j3mvc
http://pastedump.eu/4rJEnrCj
Haveged on:
http://pastedump.eu/F7LKfUjn
http://pastedump.eu/nFacdE1x
http://pastedump.eu/fT0fJl6e
http://pastedump.eu/6DgREzsB[/quote]
Important security issue!
Will have to get to this as I bring my current backlog of work up to date.
It’s not time to freak out yet. Re-running that test might yield 0 failed tests and everything could be fine.
The haveged author or someone else knowledge should be consulted about how to interpret the tests. Entropy is a rabbit hole.
In any case. ⚓ T31 forward randomness from /dev/random to VMs in Qubes seems the way to go.
Yes. Not upgraded to a security bug/flaw yet. Just an issue brought to attention to confirm.
Yes.
Yes.