From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Fri, 28 May 2010 00:12:56 +0200 (CEST)
Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch
	[84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 59B06212804A
	for <dm-crypt@saout.de>; Fri, 28 May 2010 00:12:56 +0200 (CEST)
Date: Fri, 28 May 2010 00:12:55 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20100527221255.GC22477@tansi.org>
References: <20100527145130.17205j9xtswbuacc@webmail.physik.uni-muenchen.de>
	<4BFE796E.9020806@redhat.com>
	<1274970037.20140.40.camel@etppc09.garching.physik.uni-muenchen.de>
	<4BFE857B.6010906@redhat.com>
	<slrnhvt6vl.m0q.Mario.Holbe@darkside.dyn.samba-tng.org>
	<4BFEB817.5070007@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4BFEB817.5070007@redhat.com>
Subject: Re: [dm-crypt] miscellaneous dm-crypt/LUKS/cryptsetup questions
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Thu, May 27, 2010 at 08:21:11PM +0200, Milan Broz wrote:
> On 05/27/2010 06:21 PM, Mario 'BitKoenig' Holbe wrote:
> > Milan Broz <mbroz@redhat.com> wrote:
> >> (read from /dev/random can return if there is not enough entropy, it needs
> > 
> > Nope. It blocks.
> 
> yep, you are right :)
> 
> The problem is that can wait very long time, so it should inform user that
> system is out of entropy and ask for some action etc. This should be part
> of the RNG handler in cryptsetup if using /dev/random is supported.

Indeed. You could also just flush an explanation to stdout and ask
the user to provide keystrokes if things take long. That would 
remove the need for monitoring what comes from /dev/random.
Maybe use this as a temporary fix that amounts to one printf.

However that does not solve the case of automatic installation
on, e.g., embedded devices that have a low-entropy envoronment.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier