2

Does running cryptographic operations (encryption / decryption / signing / verifying / key-exchange / key-generation) in a Docker container affect the quality of the crypto or entropy?

If it does impact it, how do you mitigate that risk, and are all cryptographic programs equally likely to suffer from this?

user3200534

1 Answer

2

The response is NO; the crypto operations in general are generated by libraries like openssl, libsodium and so on, not by Docker. The only case that came to my mind is that your docker uses old libraries that have vulnerabilities or issues.

camp0
  • I was about to downvote this for not being true, because it isn't true for some of the operations that OP mentions: You need random numbers for key-generation and exchange methods like Diffie-Hellman. Containers still get their library through syscalls / random device files that are offered by the host, which might, considering there might be very many containers coordinating to "poison" the entropy pool, be affected. I'm not aware of a practical attack, though. – Marcus Müller Dec 19 '19 at 23:52
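
The comment's point that containers draw randomness from the host kernel through syscalls and device files can be checked from inside a container. The following is an added example, not part of the original answer or comment: it verifies that `/dev/random` and `/dev/urandom` are the kernel's character devices (Linux major 1, minors 8 and 9) rather than something an image or mount substituted, and asks the kernel whether its CSPRNG is seeded. The function names and the `audit` helper are hypothetical.

```python
import os
import stat

# Linux assigns fixed (major, minor) numbers to the kernel's random devices.
KERNEL_RNG_NODES = {"/dev/random": (1, 8), "/dev/urandom": (1, 9)}


def is_kernel_rng_node(path, mode, rdev):
    """True if (mode, rdev) describe the kernel character device expected at path."""
    expected = KERNEL_RNG_NODES.get(path)
    return (
        expected is not None
        and stat.S_ISCHR(mode)
        and (os.major(rdev), os.minor(rdev)) == expected
    )


def kernel_csprng_seeded():
    """Non-blocking getrandom(2): True if seeded, False if not, None if unavailable."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False  # kernel pool not initialised yet (early boot)
    except OSError:
        return None  # e.g. syscall filtered by a seccomp profile


def audit(stat_fn=os.stat):
    """Check both device nodes and the kernel CSPRNG state; returns a dict of findings."""
    findings = {}
    for path in KERNEL_RNG_NODES:
        try:
            st = stat_fn(path)
            findings[path] = is_kernel_rng_node(path, st.st_mode, st.st_rdev)
        except OSError:
            findings[path] = False  # node missing or not accessible
    findings["csprng_seeded"] = kernel_csprng_seeded()
    return findings


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

A `False` for a device node means libraries that open that path inside the container are not reading from the kernel CSPRNG.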