Does firecracker not support virtio rng? I won't comment on other uniqueness iss... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		yjftsjthsd-h on Sept 2, 2022 \| parent \| context \| favorite \| on: We clone a running VM in 2 seconds Does firecracker not support virtio rng? I won't comment on other uniqueness issues, but I would naively expect that you can fix random number generation by outsourcing it to the host. Or does Linux not pull from the provided rng on every use, resulting in a gap right after restore where your per-VM rng isn't unique? I suppose you could fix that by making the VM kernel aware that it was just restored? And now I see why it's not trivial:P

cperciva on Sept 2, 2022 [–]

Nope. Official advice is "use RDRAND".

kevincox on Sept 2, 2022 | [–]

Which does avoid this problem as long as you are using it directly (not just as a seed).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact