Re: Question on get random long worse in VM than on host

From: Marc Zyngier
Date: Sat Aug 31 2024 - 04:14:31 EST


On Sat, 31 Aug 2024 08:56:23 +0100,
Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> As for RNDR/RNDRRS vs TRNG: the former is not a raw entropy source, it
> is a DRBG (or CSPRNG) which provides cryptographically secure random
> numbers whose security strength is limited by the size of the seed.
> TRNG does not have this limitation in principle, although non-p KVM
> happily seeds it from the kernel's entropy pool, which has the same
> limitation in practice.

Is that something we should address? I assume that this has an impact
on the quality of the provided random numbers?

Thanks,

M.

--
Without deviation from the norm, progress is not possible.
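
The point quoted above, that a DRBG's security strength is limited by the size of its seed, shown as an added example that is not part of this thread or of any kernel or KVM code. The generator is a toy HMAC-SHA256 counter construction chosen for illustration (an assumption, not how RNDR or the kernel's pool works), and the seeds are constructed and deliberately tiny so the bound can be measured.

```python
import hashlib
import hmac

def drbg_output(seed: bytes, nbytes: int) -> bytes:
    """Toy generator (assumption, not RNDR or the kernel's construction):
    concatenated HMAC-SHA256(seed, counter) blocks."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]

def distinct_outputs(seed_bits: int, nbytes: int) -> int:
    """Count the different outputs reachable from every seed of seed_bits bits."""
    seed_len = (seed_bits + 7) // 8
    return len({drbg_output(s.to_bytes(seed_len, "big"), nbytes)
                for s in range(1 << seed_bits)})

def guesses_to_match(observed: bytes, seed_bits: int):
    """Walk the seed space in order; return (seed, guesses) for the first
    seed that reproduces the observed output, or (None, 2**seed_bits)."""
    seed_len = (seed_bits + 7) // 8
    for guess in range(1 << seed_bits):
        candidate = guess.to_bytes(seed_len, "big")
        if hmac.compare_digest(drbg_output(candidate, len(observed)), observed):
            return candidate, guess + 1
    return None, 1 << seed_bits

if __name__ == "__main__":
    seed = (0xBEEF).to_bytes(2, "big")   # constructed 16-bit seed
    out = drbg_output(seed, 32)          # 256 bits of output
    print("output bits:", len(out) * 8)
    print("distinct 256-bit outputs from 12-bit seeds:", distinct_outputs(12, 32))
    print("seed found after guesses:", guesses_to_match(out, 16)[1])
```

However many output bits are drawn, the number of reachable outputs and the work to reproduce one never exceed 2^seed_bits, which is why a TRNG interface fed from a seeded pool inherits the same bound.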