Support for hardware source of randomness in docker / VM

Hello !
I have a small question. I run a concrete program and I get this. I know that is related to hardware possibilities.

WARNING: You are currently using the software variant of concrete-csprng which does not have access to a hardware source of randomness. To ensure the security of your application, please arrange to provide a secret by using the concrete_csprng::set_soft_rdseed_secret function.

Should I expect to have access to a hardware source of randomness in these cases (all intel x86):

  • On a bare metal machine
  • On a virtual machine
  • On a docker running on a bare metal machine
  • On a docker running on a virtual machine

Thank you for your answers !

Hello @clement,

Thanks for your question !

As of today, the csprng used by concrete can be seeded using two strategies. The first one uses the rdseed instruction set (it is available on most bare-metal x86 processors today). The second one uses /dev/random. This second seeding strategy is considered less secure, and you can provide a secret to enhance its security (not yet via the concrete crate though). The message you see appears when this latter strategy is used.

When using concrete, we probe the system to decide whether to use the rdseed variant or the /dev/random variant. If you see this message, this means that the rdseed instruction set was not detected on the machine.

To specifically answer your question, most bare-metal machines should have the rdseed instruction set. In the other cases, it really depends; there are no strict rules.

You can use the following command to see the available instruction sets:

cat /proc/cpuinfo | grep flags

If aes, rdseed and sse2 are visible, then the warning should go away, and your random generation should be much faster.
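
A scripted version of the check described in the answer, added here as an example (it is not part of the thread and not concrete's own probing code). It matches whole flag names, since reading the raw `grep flags` output by eye can mistake `vaes` for `aes`; the function names and the sample CPU entry are constructed for illustration. Run it inside the machine, VM or container in question.

```shell
#!/bin/sh
# Added example: report which of the CPU flags named in the answer are exposed.

# Flags the answer lists for the warning to go away.
REQUIRED_FLAGS="aes rdseed sse2"

# cpu_flags FILE: print the flags of the first CPU entry, one per line.
cpu_flags() {
    awk -F: '/^flags[ \t]*:/ { n = split($2, a, " "); for (i = 1; i <= n; i++) print a[i]; exit }' "$1"
}

# missing_flags FILE: print the required flags absent from FILE, space separated.
# Whole-name matching (grep -x): "vaes" must not be counted as "aes".
missing_flags() {
    flags=$(cpu_flags "$1")
    missing=""
    for f in $REQUIRED_FLAGS; do
        printf '%s\n' "$flags" | grep -qx -- "$f" || missing="${missing:+$missing }$f"
    done
    printf '%s\n' "$missing"
}

# expected_variant FILE: "hardware" when nothing is missing, otherwise "software".
# Assumption: this only encodes the answer's three-flag rule.
expected_variant() {
    if [ -z "$(missing_flags "$1")" ]; then echo hardware; else echo software; fi
}

# write_sample FILE FLAGS...: constructed cpuinfo excerpt for trying the functions offline.
write_sample() {
    out=$1; shift
    printf 'processor\t: 0\nmodel name\t: constructed sample CPU\nflags\t\t: %s\n' "$*" > "$out"
}

# Constructed guest that hides rdseed and exposes vaes but not aes.
sample=$(mktemp)
write_sample "$sample" fpu sse sse2 ssse3 vaes rdrand
echo "sample: $(expected_variant "$sample") (missing: $(missing_flags "$sample"))"
rm -f "$sample"

# The environment this script runs in (bare metal, VM guest or container).
if [ -r /proc/cpuinfo ]; then
    echo "this system: $(expected_variant /proc/cpuinfo) (missing: $(missing_flags /proc/cpuinfo))"
fi
```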