/dev/random and /dev/urandom use environmental noise to generate randomness.

With a virtualised server there can be multiple instances of an Operating System on one hardware configuration. These operating systems will all be sourcing their randomness from the same environmental noise.

Does this mean that, as a group, the random number generators' strength is reduced, as all OS instances are basing their calculations on the same input? Or is the environmental noise partitioned out so that sharing doesn't occur?

If the latter is true, I can see this reducing the effectiveness of /dev/urandom because it reuses its internal pool and with less environmental input, reduces entropy.

/dev/random should be ok because it blocks until enough noise is acquired... unless of course the OS instances are all sharing the input.

So, the question: What is the impact of virtualisation on cryptographically strong random number generators, specifically those that use environmental noise?

+3  A: 

I couldn't find any references quickly, but it would seem to me that the entropy is derived from the kernel data structures for the devices, not the actual devices themselves. Since these would be independent regardless of virtualization, I suspect the answer is not much.

[EDIT] After peeking at the kernel source (actually patch history), it looks like Linux, at least, gathers entropy from keyboard presses, mouse activity, interrupt timing (but not all interrupts), and block device request finishing times. On a virtualized system, I suspect that mouse/keyboard events would be pretty low and thus not contribute to the entropy gathered. Presumably this would be offset by additional network I/O interrupt activity, but it's not clear. In this respect, I don't think it differs much from a non-VM server.

tvanfosson
A: 

Thanks.

From what I understand, a system that relies on network I/O for entropy is susceptible to man-in-the-middle attacks. I found the following article that discusses appropriate sources of entropy. Their suggestion is to remove network I/O from the Linux kernel because of its susceptibility.

I think that means that there is a possibility for exploiting the common hardware in a virtualised environment. The chance is increased if network I/O is used. Otherwise it is low enough not to be of concern for all but the most secure of applications. In such instances it is probably safer to host your own application anyway.

Ryan Boucher
A: 

By definition, the randomness of a cryptographically strong PRNG should not be affected by virtualization. As you mention, the difference between /dev/random and /dev/urandom [ref: http://en.wikipedia.org/wiki/Urandom/] is that a read operation on /dev/random will block if the system has gathered insufficient entropy to produce the desired amount of random data. You may also write to /dev/random to mix your own data into the entropy pool.

Adam Liss
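
To measure rather than guess how a particular Linux guest is doing, the kernel's entropy estimate and any hardware RNG device it has registered can be read from /proc and /sys. The function below is an added example, not part of any answer in this thread; the `rng_report` name, the root-prefix argument and the 256-bit warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the kernel RNG state of a
# Linux guest. The optional first argument is a root prefix, so the function
# can also be run against a copied or constructed /proc and /sys tree.

rng_report() {
    root="${1:-}"
    low="${2:-256}"   # assumed warning threshold in bits, not a kernel constant
    avail_f="$root/proc/sys/kernel/random/entropy_avail"
    pool_f="$root/proc/sys/kernel/random/poolsize"
    hw_f="$root/sys/class/misc/hw_random/rng_current"

    # Without the entropy estimate there is nothing to report.
    if [ ! -r "$avail_f" ]; then
        echo "status=unknown"
        return 2
    fi
    avail=$(cat "$avail_f")
    case "$avail" in
        ''|*[!0-9]*) echo "status=unknown"; return 2 ;;
    esac

    pool=$(cat "$pool_f" 2>/dev/null) || pool=unknown

    # rng_current names the hardware RNG device the kernel is using, for
    # example a paravirtual device exposed by the hypervisor. A missing file
    # is reported as "none", the same word the kernel uses for no device.
    hw=$(cat "$hw_f" 2>/dev/null) || hw=none
    [ -n "$hw" ] || hw=none

    if [ "$avail" -lt "$low" ]; then status=low; else status=ok; fi
    echo "entropy_avail=$avail poolsize=$pool hw_rng=$hw status=$status"

    # Exit status: 0 = ok, 1 = below threshold, 2 = could not read estimate.
    [ "$status" = ok ]
}
```

Run `rng_report` with no arguments inside the guest. A result of `hw_rng=none` means the kernel has no hardware RNG device registered and relies on the interrupt and block-device timing sources described in the first answer.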