Message-ID: <4CE52399.3080106@redhat.com>
Date: Thu, 18 Nov 2010 14:01:13 +0100
From: Milan Broz
In-Reply-To: <20101118124048.GA8173@tansi.org>
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.2.0-rc1 (test release candidate)
To: dm-crypt@saout.de

On 11/18/2010 01:40 PM, Arno Wagner wrote:
>> I think it is not only about starved situations, that's just practical
>> impact of using this interface.
>> IPsec needs to set key too and cannot wait for entropy.
>
> It has to. No entropy - no security. The entropy does not
> need to be "fresh", but it needs to be there.

Maybe I said it wrong - RNG of course must be seeded (using entropy).
But this is in the initialisation phase. It must wait forever here
if there is no entropy.

But once seeded, it should produce a strong enough stream of data,
optionally mixed with environmental noise.

Milan
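The behaviour described in this message (wait only until the RNG has been seeded, then never wait for fresh entropy) is what the Linux getrandom(2) system call, added later in kernel 3.17, provides. The following is an added example, not code from cryptsetup or from either poster; the helper names rng_is_seeded and generate_key are hypothetical, and it assumes Linux with glibc 2.25 or newer.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* 1 = kernel RNG is seeded, 0 = not seeded yet, -1 = other error.
 * GRND_NONBLOCK makes getrandom() fail with EAGAIN instead of waiting. */
int rng_is_seeded(void)
{
    unsigned char probe;

    if (getrandom(&probe, sizeof probe, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Fill key[0..len) from the kernel RNG. With flags == 0 the call blocks
 * only while the RNG is still unseeded (the initialisation phase); once
 * seeded it returns without waiting for new entropy.
 * Returns 0 on success, -1 on error (errno is set by getrandom). */
int generate_key(unsigned char *key, size_t len)
{
    size_t done = 0;

    while (done < len) {
        ssize_t n = getrandom(key + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR)   /* interrupted by a signal: retry */
                continue;
            return -1;
        }
        done += (size_t)n;        /* short reads are possible */
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];        /* 256-bit volume key, as an example size */

    if (rng_is_seeded() == 0)
        fprintf(stderr, "RNG not seeded yet, key generation will wait\n");
    if (generate_key(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("generated %zu-byte key\n", sizeof key);
    return 0;
}
```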