On Tue, Sep 18, 2018 at 7:03 PM John Denker <jsd@xxxxxxxx> wrote:

> > Is a fix that only deals with a subset of the problem worth
> > considering? Just patch the VM support code so that any time a VM is
> > either booted or re-started after a save, the host system drops in
> > some entropy, ...
>
> Good solutions already exist for that subset of the problem.
>
> Configure your VM so that each guest has a virtual /dev/hwrng
> I know this works for qemu.
> I imagine it works for other VMs.
>
> If you find this unsatisfactory, please explain.

It may still leave a VM that is snapshotted & restarted vulnerable
to replay since the random state is saved & restored. I'm not sure
this is much of a problem since an attacker would presumably need
privileged access to the host to exploit it & if he has that, all
is lost anyway.
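
The replay concern raised in the reply above, shown with a toy model (an added example, not part of the original message and not kernel code). `ToyPool`, `resume` and `demo` are hypothetical names, and the SHA-256 construction is an assumption standing in for a guest's saved RNG state.

```python
import copy
import hashlib
import os


class ToyPool:
    """Toy hash-based generator standing in for a guest's RNG state.

    Constructed for illustration; this is not the Linux random driver.
    """

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def mix(self, data: bytes) -> None:
        # Fold new input into the state, as a reseed would.
        self.state = hashlib.sha256(b"mix" + self.state + data).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(b"out" + self.state).digest()
            # Ratchet forward so earlier outputs cannot be recomputed.
            self.state = hashlib.sha256(b"next" + self.state).digest()
        return out[:n]


def resume(snapshot: ToyPool, host_entropy: bytes = b"") -> ToyPool:
    """Restore a saved guest; optionally mix in entropy supplied by the host."""
    guest = copy.deepcopy(snapshot)
    if host_entropy:
        guest.mix(host_entropy)
    return guest


def demo() -> dict:
    guest = ToyPool(os.urandom(32))
    guest.read(64)                       # guest runs for a while
    snapshot = copy.deepcopy(guest)      # VM is saved, RNG state included

    # Two restores of the same image with nothing added: identical output.
    plain_a = resume(snapshot).read(16)
    plain_b = resume(snapshot).read(16)

    # Same two restores, but the host drops in fresh entropy each time.
    fresh_a = resume(snapshot, os.urandom(32)).read(16)
    fresh_b = resume(snapshot, os.urandom(32)).read(16)
    return {"replayed": plain_a == plain_b, "diverged": fresh_a != fresh_b}


if __name__ == "__main__":
    print(demo())
```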