Why should I install haveged on virtual environments?
Passbolt uses GnuPG as the encryption engine. Encryption operations such as creating a private key require a sufficient amount of entropy in the system’s entropy pool. A good and fast source of entropy is important for generating high-quality random numbers. Poor-quality random numbers could lead to weak private keys that could compromise the security of your setup. Random number generation is a complex topic that has been widely discussed in the community [1].
Virtualisation strongly affects the quantity of produced entropy and. In other words, when you run a virtualised system such as a virtual machine or a container, you will likely find yourself in a situation where the entropy pool is low and refills slowly. There are a few remediations for this situation:
As stated in [1] and [2], haveged could lead to the generation of poor entropy, so in order to stay safe the recommendation is to:
- Use rng-tools if you trust your hardware random number generator
- If rng-tools is not enough, then use haveged as well.
You can check the current available entropy on your system by executing this command:
cat /proc/sys/kernel/random/entropy_avail
A good amount of available entropy is usually between 2500 and 4096 bits. Entropy is considered low when it is below 1000.
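The check above can be scripted for monitoring. The following is an added example, not part of passbolt's documentation or code: it applies the thresholds quoted on this page, and the labels `marginal` and `not-comparable`, the `RANDOM_DIR` override and the function names are assumptions made here. It also reads `poolsize`, because Linux kernels from 5.18 on use a fixed 256-bit pool, so `entropy_avail` can never reach the figures above and a reading of 256 there does not indicate starvation.

```shell
#!/bin/sh
# Added example, not passbolt's code. Thresholds (1000, 2500) are the ones
# quoted on this page; "marginal" and "not-comparable" are labels assumed here.

# Directory holding the kernel's random sysctls; overridable for offline tests.
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"

# classify_entropy AVAIL POOLSIZE
# Prints one of: good, marginal, low, not-comparable, invalid.
classify_entropy() {
    for value in "$1" "$2"; do
        case "$value" in
            ''|*[!0-9]*) echo invalid; return 0 ;;
        esac
    done
    # Kernels from 5.18 on use a fixed 256-bit pool, so entropy_avail can
    # never reach the page's thresholds; do not report that as "low".
    if [ "$2" -lt 1000 ]; then
        echo not-comparable
    elif [ "$1" -lt 1000 ]; then
        echo low
    elif [ "$1" -ge 2500 ]; then
        echo good
    else
        echo marginal
    fi
}

# entropy_report: read the counters and print "<status> avail=<n> poolsize=<n>".
entropy_report() {
    avail=$(cat "$RANDOM_DIR/entropy_avail" 2>/dev/null) || avail=''
    pool=$(cat "$RANDOM_DIR/poolsize" 2>/dev/null) || pool=''
    echo "$(classify_entropy "$avail" "$pool") avail=${avail:-?} poolsize=${pool:-?}"
}

entropy_report
```

A `low` result on a virtual machine or container host is the situation in which the rng-tools and haveged recommendation above applies.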