Re: Question on get random long worse in VM than on host
From: Marc Zyngier
Date: Sat Aug 31 2024 - 04:14:31 EST

On Sat, 31 Aug 2024 08:56:23 +0100,
Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> As for RNDR/RNDRRS vs TRNG: the former is not a raw entropy source, it
> is a DRBG (or CSPRNG) which provides cryptographically secure random
> numbers whose security strength is limited by the size of the seed.
> TRNG does not have this limitation in principle, although non-p KVM
> happily seeds it from the kernel's entropy pool, which has the same
> limitation in practice.

Is that something we should address? I assume that this has an impact
on the quality of the provided random numbers?

Thanks,

M.

--
Without deviation from the norm, progress is not possible.