6

Recently we ran into a problem where one of our Linux-based virtual machines was really slow due to a chronic shortage of "entropy".

I'm wondering if Windows virtual machines would suffer from the same problem. (A Google search gave me no relevant hits, but I could be using the wrong search terms.)

sysadmin1138
Stephen C
  • 1
    Is this a real problem you're facing, or just a theoretical question? – EEAA Jul 17 '12 at 01:29
  • Which VM platform are you using? – Andrew Jul 17 '12 at 01:58
  • This is not entirely theoretical, but it is not necessarily the real explanation for a problem I have ... and hence the general question. – Stephen C Jul 17 '12 at 02:19
  • @Andrew - VMWare 4.x – Stephen C Jul 17 '12 at 02:25
  • 2
    Editing > arguing. – Michael Hampton Jul 17 '12 at 23:31
  • 1
    @StephenC - Just another heads up, "vmware" is a brand name, and they have a lot of products at or past v4; I think we're all assuming VMWare ESXi but you might want to clarify, otherwise it could be VMWare Fusion 4, VMWare Workstation 4, VMWare View 4, VMWare ESX 4, VMWare ESXi 4, etc (if you get my drift); because of this exact reason we've actually banned the `vmware` tag from the site. – Mark Henderson Jul 18 '12 at 00:51
  • Note that newer Intel processors include a [built-in hardware RNG](https://en.wikipedia.org/wiki/RdRand), which should alleviate this problem. – Wyzard Jul 18 '12 at 03:57

2 Answers

3

The documentation for the Windows cryptographic API does not suggest that the calls for generating a key or generating random data can fail or be delayed due to insufficient entropy. So, no, Windows does not suffer from the problem you're describing.

This may mean that in a virtual or otherwise external-entropy-starved environment some cryptographic functions might not be as secure as is desirable. However, I've never seen any analysis of this. I'm inclined to think that modern computers are sufficiently complicated that internal entropy sources are adequate, and the Linux systems are just being overly cautious - but I'm not a cryptographer, so my opinion doesn't really count!

Harry Johnston
  • +1, Just for info, see my answer for cryptanalysis of Windows PRNG : http://serverfault.com/questions/430592/windows-server-2008r2-monitoring-the-amount-of-available-entropy/430597#430597 –  Sep 25 '12 at 12:07
0

If by 'virtuals' you mean 'virtual machines', then yes, like any other system they can have problems with shortage of entropy in operations requiring lots of real randomness. This can happen in any system, if it ends up needing lots of randomness, but doesn't have a good source.

If you are doing something that requires lots of random numbers, I'd suggest some kind of physical random number generator.

Michael Kohne
  • 3
    It's probably worth noting that this issue is not specific to VMs. Bare-metal systems can run out of entropy as well. – EEAA Jul 17 '12 at 01:24
  • But the question is if a Windows system is likely to slow to a crawl if it runs out of entropy due to (for example) handling lots of HTTPS requests in a short period. – Stephen C Jul 17 '12 at 02:22
  • @ErikA - but it is more likely on a (headless) virtual because the virtualization layer hides a lot of the sources of entropy. (That is my experience with Linux on VMware.) – Stephen C Jul 17 '12 at 02:24
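
A way to check the symptom discussed in this thread on a given guest, as an added example that is not part of any post above: it reads the Linux kernel's entropy estimate, tests whether a read from `/dev/random` would stall, and times the OS random source through `os.urandom`, which also runs on Windows. The function names are this example's own; the `/proc` path and `/dev/random` exist only on Linux, so those two checks return `None` elsewhere.

```python
import os
import time

# Linux-only kernel estimate of pooled entropy, in bits.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"

def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate in bits, or None if unavailable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def nonblocking_read(path="/dev/random", n=64):
    """Try to read n bytes without waiting; return how many came back.

    0 or a short count means an ordinary blocking read would have stalled.
    None means the device could not be opened (for example on Windows).
    """
    flags = os.O_RDONLY | getattr(os, "O_NONBLOCK", 0)
    try:
        fd = os.open(path, flags)
    except OSError:
        return None
    try:
        return len(os.read(fd, n))
    except BlockingIOError:
        return 0
    finally:
        os.close(fd)

def timed_urandom(n=64, rounds=1000):
    """Time repeated reads from os.urandom; return (bytes_read, seconds)."""
    start = time.perf_counter()
    total = sum(len(os.urandom(n)) for _ in range(rounds))
    return total, time.perf_counter() - start

def report():
    """Collect all three measurements for the current machine."""
    total, secs = timed_urandom()
    return {
        "entropy_avail_bits": read_entropy_avail(),
        "dev_random_nonblocking_bytes": nonblocking_read(),
        "urandom_bytes": total,
        "urandom_seconds": round(secs, 4),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

A low entropy estimate together with a short or zero non-blocking read, sampled while the service is slow, points at the blocking pool; a fast `os.urandom` timing on the same guest shows the non-blocking source is unaffected.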