Skip to main content

Why should I install haveged on virtual environments?

Passbolt uses Gnupg as the encryption engine. Encryption operations such as creating a private key require an enough amount of entropy on the system's entropy pool. A good and fast source of entropy is important to generate high quality random numbers. Poor quality on the random numbers could lead to weak private keys that could compromise the security of your setup. Random number generation is a complex topic that has been discussed widely on the community [1]

Virtualisation strongly affects the quantity of produced entropy and. In other words, when you run a virtualised system such as a virtual machine or a container you likely will find yourself in a situation where the entropy pool is low and it is filling slowly. There are few remediations for this situation:

As stated in [1] and [2], haveged could lead to generation of poor entropy so, in order to stay safe, the recommendation would be to:

  1. Use rng-tools if you trust your hardware random number generator
  2. If rng-tools is not enough then use Haveged as well.

You can check the current available entropy on your system by executing this command:

cat /proc/sys/kernel/random/entropy_avail

A good number of available entropy is usually between 2500 and 4096 bits. Entropy is considered to be low when it is below 1000.