/dev/urandom entropy on whonix + virtualbox VM

I’m just getting started with zcash and following the instructions here.

I’m installing the client using apt-get on a whonix 14 workstation running on a virtualbox VM.

There is this line in the instructions:

echo "rpcpassword=`head -c 32 /dev/urandom | base64`" >> ~/.zcash/zcash.conf

I don’t know much anything about entropy/randomness on VMs or virtualbox in particular, but I got a little suspicious that maybe a virtualized environment might not provide “real” entropy and make that generated password less secure.

Is this a legitimate concern? Is there anything I need to do to make sure /dev/urandom is actually random?

This is a good starting point if you want to improve entropy in your VM:

To go down the rabbit hole:

1 Like

Those instructions could likely be updated as you don’t actually need that line in your zcash.conf as I believe it’ll simply use cookie authentication if it isn’t provided. Also, by default RPC access is limited to localhost so the risk here is probably pretty low unless you are allowing external RPC connections.

1 Like