Random numbers and virtual-machine forks

Posted Mar 12, 2022 7:02 UTC (Sat) by wtarreau (subscriber, #51152)
In reply to: Random numbers and virtual-machine forks by ejr
Parent article: Random numbers and virtual-machine forks

It's always only a matter of the difficulty to predict these numbers. True randomness today will only be considered as moderately predictable today. What we qualify as random is something which behaves in a way that depends on too many factors for us to analyze, model and predict. For example, a century ago, some might have decided that shooting stars could be a perfect source of random numbers. Nowadays with good observation and modeling these could be considered as highly predictable for some. Today we consider radioactive decay as a good random source. Maybe in 100 years someone comes with a model that makes them highly predictable.

That's why in the end it's important to combine as many dependencies as possible. Even if some are observable by some, as long as you mix as many different ones as possible, you progressively remove the ability for any observer to observe the whole model.

In the situation here, I think that jitter entropy and general system activity will quickly make the pools diverge. Probably that after a few seconds to minutes the two systems will be completely independent. But for the short initial time one could be vulnerable to the analysis performed on the other one, especially if the target hardware is known and allows the observer to try to mimmick it very closely and limit the divergence.

Thus overall Jason's work on this is definitely useful.

Random numbers and virtual-machine forks

Posted Mar 14, 2022 14:31 UTC (Mon) by plugwash (subscriber, #29694) [Link]

> In the situation here, I think that jitter entropy and general system activity will quickly make the pools diverge. Probably that after a few seconds to minutes the two systems will be completely independent. But for the short initial time one could be vulnerable to the analysis performed on the other one, especially if the target hardware is known and allows the observer to try to mimmick it very closely and limit the divergence.

One immediate question that springs to mind is "what about userland"?

As you say the kernel RNGs will likely diverge quickly, so the window of opportunity for failure is fairly narrow. OTOH RNGs in userland that are rarely or never re-seeded and are used in a predictable way may remain in sync for much longer.

Crypto libraries often already have code in place to defend against fork calls, but presumably cloning the whole VM would go unnoticed by such countermeasures.

Random numbers and virtual-machine forks

Posted Apr 2, 2022 7:05 UTC (Sat) by sammythesnake (guest, #17693) [Link]

> Today we consider radioactive decay as a good random source. Maybe in 100 years someone comes with a model that makes them highly predictable.

What you're describing here is what's called a "hidden variable model" in which there are unknown substrates below the observed behaviour that could (in principle) become known, modelled, and predicted (you'd still have the challenge of making suitable observations in the face of engineering limitations and the Heisenberg uncertainty principle of course...)

I understand that there are proofs for various quantum phenomena that preclude the possibility of such hidden variables. Off the top of my head, I'm not 100% certain that nuclear decay is one of the phenomena covered by these proofs, but I think it is.

I once tried to follow a description of such a proof, but ended up glassy eyed and needing a nap...