I have a small question. I run a concrete program and I get this. I know that is related to hardware possibilities.
WARNING: You are currently using the software variant of concrete-csprng which does not have access to a hardware source of randomness. To ensure the security of your application, please arrange to provide a secret by using the concrete_csprng::set_soft_rdseed_secret
Should I expect to have access to a hardware source of randomness in these cases (all intel x86):
- On a bare metal machine
- On a virtual machine
- On a docker running on a bare metal machine
- On a docker running on a virtual machine
Thank you for you answers !
Thanks for your question !
As of today, the csprng used by
concrete can be seeded using two strategies. The first one uses the
rdseed instruction set (it is available on most bare-metal x86 processors todays). The second one uses
/dev/random. This second seeding strategy is considered less secure, and you can provide a secret to enhance its security (not yet via the
concrete crate though). The message you see appears when this later strategy is used.
concrete, we probe the system to decide whether to use the
rdseed variant or the
/dev/random variant. If you see this message, this means that the
rdseed iinstruction set was not detected on the machine.
To specifically answer your question, most bare-metal machines should have the
rdseed instruction set. In the other cases, it really depends, there is no strict rules.
You can use the following command to see the available instructions sets:
cat /proc/cpuinfo | grep flags
sse2 are visible, then the warning should go away, and your random generation should be much faster.