From: Milan Broz <mbroz@redhat.com>
To: Roscoe <eocsor@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Entropy available for luksFormat during GNU/Linux installs
Date: Sun, 24 Jan 2010 11:50:26 +0100
Message-ID: <4B5C25F2.9080607@redhat.com>
In-Reply-To: <cf657bae1001232217k2c85fd25ldb904e263ea9a7f0@mail.gmail.com>
On 01/24/2010 07:17 AM, Roscoe wrote:
> Has there been much consideration as to this matter within OS
> installers? Does anyone suspect any latent issues?
>
> If we take a Debian text install with no network, that removes NIC
> generated interrupts and the mouse as sources of entropy, and
> considering that setting up partitions [and consequently LUKS/LVM/RAID] is
> one of the first things you do within the installer, I start to become
> a bit suspicious of the quality of the 512 MK bits pulled for
> AES-256-XTS.
Yes, this is an interesting problem, just adding some notes:
(please correct me if I am wrong on some points)
- cryptsetup uses /dev/urandom, so volume key quality really depends on the RNG here,
exactly the same as all other key generation during install
- cryptsetup/libcryptsetup now supports --master-key-file, so you can use your own
pre-generated volume (master) key if you wish.
(Another reason was the ability to reformat a LUKS header with only MK knowledge)
(Side note about plain (non-LUKS) mode with a random key: if initscripts forget
to re-seed the RNG, various low-entropy attacks are possible during system boot.
Encrypted swap is usually initialised before the network and other sources of entropy are started!
The initscript must initialise plain encrypted devices in two steps - first the fs where
the RNG seed is stored, reseed the RNG, and then format the encrypted devices using a random key.)
(and in fact, cryptsetup cannot do any statistical tests for the RNG, the input is too small,
so it must trust the kernel here IMHO)
- maybe someone should also describe the RNG when the system is in FIPS140 mode
(RNG initialisation and approved RNGs are exactly defined; IIRC the RNG must not
produce any output if not properly seeded etc.)
- maybe the distribution can also run some RNG tests in the installer before generating the key?
(I mean e.g. rngtest from rng-tools,
or http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
or http://www.phy.duke.edu/~rgb/General/dieharder.php
and from this "verified" source pre-generate the MK for cryptsetup luksFormat...)
Milan
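The two points made above (checking the RNG before generating the key, and handing a pre-generated volume key to luksFormat via --master-key-file) as an added shell example; this is not code from the thread or from cryptsetup itself. It assumes a Linux /proc entropy counter (the path and threshold are configurable) and treats rngtest from rng-tools as optional.

```shell
#!/bin/sh
# Added example: pre-generate a LUKS volume (master) key from the kernel RNG
# only after checking the entropy pool, optionally sanity-check the RNG with
# rngtest, then pass the key to `cryptsetup luksFormat --master-key-file`.
# Assumed defaults: Linux /proc interface, 256-bit minimum pool estimate.

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}
MIN_ENTROPY_BITS=${MIN_ENTROPY_BITS:-256}

# Bytes needed for a volume key of $1 bits. AES-256 in XTS mode uses two
# 256-bit keys, so the 512 bits discussed above become 64 bytes.
key_bytes_for_bits() {
    echo $(( $1 / 8 ))
}

# Returns 0 if the counter in file $1 is at least MIN_ENTROPY_BITS.
# The file is a parameter so the check can be pointed at a constructed file.
entropy_ok() {
    avail=$(cat "$1" 2>/dev/null || echo 0)
    [ "$avail" -ge "$MIN_ENTROPY_BITS" ]
}

# Optional RNG sanity check: rngtest applies the FIPS 140-2 tests to
# 20000-bit blocks read from stdin; -c gives the number of blocks
# (100 blocks = 250000 bytes). Results are printed on stderr.
rng_sanity() {
    if command -v rngtest >/dev/null 2>&1; then
        head -c 250000 /dev/urandom | rngtest -c 100
    fi
}

# Writes a volume key of $2 bits to $1 (mode 0600). Returns 1 if the
# entropy check fails or the file does not end up with the expected length.
generate_master_key() {
    out=$1; bits=$2
    entropy_ok "$ENTROPY_FILE" || { echo "entropy pool too low" >&2; return 1; }
    nbytes=$(key_bytes_for_bits "$bits")
    (umask 077 && head -c "$nbytes" /dev/urandom > "$out") || return 1
    [ "$(wc -c < "$out" | tr -d ' ')" -eq "$nbytes" ]
}

# Usage (needs root and a real block device, so not run here):
#   rng_sanity
#   generate_master_key /root/vk.bin 512 && \
#   cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 \
#       --master-key-file /root/vk.bin /dev/sdX
```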