So what happens at the very first boot (e.g. after system installation, or a cloud instance just being spawned)? Is that the only circumstance where it would be OK to block? Does OpenBSD trust RdRand for such occasions?
You can set /etc/random.seed (or /var/db/host.random for spawned instances) prior to first boot. That's what cloud providers do IIRC. It also mixes in hardware random (if available).
> RSA and DSA can fail catastrophically when used with malfunctioning random number generators ... network survey of TLS and SSH servers and present evidence that vulnerable keys are surprisingly widespread ... we are able to obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their public keys shared nontrivial common factors due to entropy problems, and DSA private keys for 1.03% of SSH hosts, because of insufficient signature randomness ... the vast majority appear to be headless or embedded devices ...