From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Wed, 14 Jul 2010 12:09:35 +0200 (CEST)
Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch
	[84.74.164.239]) by tansi.org (Postfix) with ESMTPA id D2FBE2128007
	for <dm-crypt@saout.de>; Wed, 14 Jul 2010 12:09:34 +0200 (CEST)
Date: Wed, 14 Jul 2010 12:09:33 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20100714100933.GA17696@tansi.org>
References: <1279054281.867.5.camel@Koma-Station.localdomain>
	<4C3CD6C8.6020303@redhat.com>
	<1279059451.867.23.camel@Koma-Station.localdomain>
	<AANLkTilvdewwcdzdm2uX6go9q2dahLX7Fes-lwDNOkvU@mail.gmail.com>
	<AANLkTimT_9DCXRup6JhGYnBdQqxa51n09e-trTMUXRKj@mail.gmail.com>
	<20100714063856.GA6443@fancy-poultry.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100714063856.GA6443@fancy-poultry.org>
Subject: Re: [dm-crypt] Wrong behavior?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Wed, Jul 14, 2010 at 08:38:56AM +0200, Heinz Diehl wrote:
> On 14.07.2010, MkFly wrote: 
> 
> > Well now I'm wondering, does luksFormat use /dev/urandom for
> > master-key generation?
> 
> Yes, it does.
> 
> > ?If so, is there any way to force it to use
> > /dev/random instead (aside from generating a keyfile beforehand and
> > luksFormat'ing with --master-key-file)?
> 
> If I remember correctly, this has been discussed here before, and one of
> the main reasons against using /dev/random was that it's blocking when
> it's out of entropy.

Specifically, the issue was what to do in a low-entropy environment
(embedded system) on automatic install. On an ordinary PC on second
boot or so, /dev/urandom typically produces very good key material.

Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier