So the main remaining risk is things like (cloud) images where many people/machines use the same seed. This can be mitigated by stirring in RDRAND, unique CPU information (serial number?), high-res date/time, and other possibly unique information (MAC addresses?).

If you’re running virtual machines you can just use a virtual RNG device exposed by the hypervisor.

The Virtio RNG driver was merged into Linux 2.6.26, released a decade ago. AFAIU it should be built into most Linux kernels. I just confirmed on Alpine 3.10 and Ubuntu 18.10 (Cosmic).

The problem is that not all hypervisors provide the device by default. I use libvirt KVM/QEMU and the default template doesn't include it, but you can add it. AWS EC2 doesn't provide it, though it doesn't provide any virtio devices. Parallels Desktop 15 doesn't support virtio-rng, either

OTOH, OpenBSD's VMD not only supports it but I think it's enabled by default. (I see it in the source code. I can't find a way to enable/disable it, but the publicly posted dmesg dumps seem to always show it as found when an OpenBSD guest boots.)

Of course, most VMs are x86_64-based using hardware extensions and likely using CPUs providing rdrand. But hypervisors really should provide the virtio-rng device default, perhaps even unconditionally as OpenBSD apparently does.

> OTOH, OpenBSD's VMD not only supports it but I think it's enabled by default.

Yes, my VMD virtual machines have it with no configuration necessary.

    pvbus0 at mainbus0: OpenBSD
    pci0 at mainbus0 bus 0
    virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
    viornd0 at virtio0

Here’s the manpage: https://man.openbsd.org/viornd.4