Virtual Hardware Random Number Generator

A common problem with virtualised operating systems is a lack of entropy.  The Wikipedia entropy page defines it very well as “the randomness collected by an operating system or application for use in cryptography or other uses that require random data”. Virtual machines often lack entropy because a virtualised environment has no real hardware sources for the OS to use to create entropy.

Add to this the fact that headless physical servers which virtual machines run on often also don’t have much entropy themselves, because of the lack of keyboard and mouse input, and you have a problem.  The problem is that low entropy causes encryption operations on your VPS to become less secure and much slower.

However, if you have a VPS with us at Manchester VPS, unlike with many other VPS providers, your VPS does not have to suffer from these problems.

Firstly, on all our physical servers we use the HAVEGE algorithm to pool entropy, by running the haveged entropy daemon. As a result, our physical servers have plenty of entropy available.

Secondly, as we use KVM as our virtualisation platform, we can make this entropy pool available to your VPS as a virtualised Hardware Random Number Generator device, using VirtIORNG.

What this boils down to is, for your Linux VPS, you only have to take the following two steps:

  1. Log into our VPS Control Panel, and go into the “General Settings” page. On this page you will see an option to enable VirtIORNG for your VPS, if it is not enabled already.
  2. In your Linux VPS run the rngd daemon like this: rngd -r /dev/hwrng

That’s it. With these two steps you should find that your VPS can now enjoy a good entropy pool.  Cryptographic tasks will now complete much faster and encryption software running on your VPS will be much more secure.

To verify whether your VPS has the virtual rng present, run the following command in a terminal in your Linux VPS:

cat /sys/devices/virtual/misc/hw_random/rng_available

This should show “virtio” as being available. Then run:

cat /sys/devices/virtual/misc/hw_random/rng_current

which should also show “virtio” as the currently selected hardware rng.

Additionally, you can check that the file /dev/hwrng exists, which is the hardware rng device file.
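
The three checks above combined into one script, as an added example that is not part of the original post. The sysfs paths and /dev/hwrng are the ones given above; the function name, its optional arguments and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the virtio hardware RNG using the paths from this page.
# The two arguments exist only so the check can be pointed at a test directory.

HWRNG_SYSFS=/sys/devices/virtual/misc/hw_random
HWRNG_DEV=/dev/hwrng

# check_virtio_rng [sysfs_dir] [device]
# Returns 0 ok, 1 hw_random sysfs missing, 2 virtio not available,
#         3 virtio available but not selected, 4 device node missing.
check_virtio_rng() {
    sysfs=${1:-$HWRNG_SYSFS}
    dev=${2:-$HWRNG_DEV}

    if [ ! -r "$sysfs/rng_available" ] || [ ! -r "$sysfs/rng_current" ]; then
        echo "FAIL: $sysfs not readable (no hw_random support visible)"
        return 1
    fi

    available=$(cat "$sysfs/rng_available")
    current=$(cat "$sysfs/rng_current")

    # The kernel lists the device under a name containing "virtio"
    # (for example virtio_rng.0), possibly next to other RNGs,
    # so match on the substring rather than the exact word.
    case $available in
        *virtio*) ;;
        *) echo "FAIL: no virtio RNG in rng_available ('$available')"; return 2 ;;
    esac

    # An RNG can be available without being the one the kernel reads from.
    case $current in
        *virtio*) ;;
        *) echo "FAIL: virtio is available but rng_current is '$current'"; return 3 ;;
    esac

    if [ ! -c "$dev" ]; then
        echo "FAIL: $dev is not a character device"
        return 4
    fi

    echo "OK: virtio RNG selected ('$current') and $dev present"
    return 0
}

# Check the live system only when asked to: sh check_rng.sh --run
if [ "${1:-}" = "--run" ]; then
    check_virtio_rng
fi
```

A return code of 2 points at step 1 (VirtIORNG not enabled in the control panel), while 3 means the device is offered to the VPS but another RNG is currently selected.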

So how will your VPS benefit from the increased entropy pool? If you run anything that uses encryption, it will benefit. If you run an SSL website, a VPN such as OpenVPN, or have a lot of SSH sessions connecting, these are all examples of software that will benefit.

If you have any difficulty getting this to work for your VPS, don’t hesitate to raise a support ticket and we will be happy to help.
