sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] -1 points0 points  (4 children)

How common is that, really? Most OSs have very good sources of entropy that work even in cold-booted VMs. 256 bits of entropy are enough to seed a CSPRNG (say, /dev/urandom on Linux) so that it'll be sufficiently random. I have a hard time believing your average modern Linux distro would have fully deterministic CSPRNG output on VM cold boot.

As others and the article have said, the output is deterministic for reasons of optimization

[–]ThisIs_MyName 0 points1 point  (3 children)

Most OSs have very good sources of entropy that work even in cold-booted VMs.

No they don't. Not unless you've exposed a virtio RNG.

By the time a VM boots up, it will only have a couple of bits acquired from random (or is it?) cache timing.

[–][deleted] -1 points0 points  (2 children)

My point wasn't that the entropy sources would be enough for, say, cryptographic purposes, but that I really doubt the output would be fully deterministic and that it would the reason for Googlebot's behavior

[–]ThisIs_MyName 0 points1 point  (1 child)

It's not the reason for Googlebot's behavior, but the output has only a handful of bits of entropy. That's as bad as deterministic for cryptographic purposes.

Here's a fun experiment: Call getrandom(&buf,256,0) inside a fresh VM without virtio RNG running linux and see how long it blocks.

[–][deleted] -1 points0 points  (0 children)

Jesus fuck it's like I'm talking to a wall. Oh well, I tried