From: Milan Broz <mbroz@redhat.com>
To: Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] miscellaneous dm-crypt/LUKS/cryptsetup questions
Date: Fri, 28 May 2010 10:03:53 +0200
Message-ID: <4BFF78E9.7010102@redhat.com>
In-Reply-To: <slrnhvusqa.m0q.Mario.Holbe@darkside.dyn.samba-tng.org>
On 05/28/2010 09:39 AM, Mario 'BitKoenig' Holbe wrote:
> Arno Wagner <arno@wagner.name> wrote:
>> However that does not solve the case of automatic installation
>> on, e.g., embedded devices that have a low-entropy environment.
>
> well, such install-systems could have a look at the entropy available
> before choosing a specific source of randomness (not that there would be
> a good one on such systems :)).
Various systems (installed from net/PXE) which have enough entropy to
generate a master key for a LUKS disk (or at least to properly seed some pseudo RNG)
do not have enough entropy to seed the gcrypt very-strong-RNG
(it _requires_ 300 bytes of /dev/random data to seed).

And because the system is usually headless, waiting in installer/luksFormat
with possibly no network activity at the moment, it can wait forever.

(My example was about some install verification system, where
the quality of the long term key was not important. Everyone probably
sees here a possible problem with not enough entropy in the generated
key in general in such installations...)
Milan
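
An added example, not part of this message and not cryptsetup or installer code: a preflight an unattended installer could run before luksFormat, so that a starved entropy pool gives a bounded wait and a clear failure instead of the indefinite hang described above. The function names, the one-second poll and the timeout are assumptions, and it assumes a kernel on which /proc/sys/kernel/random/entropy_avail tracks the blocking /dev/random pool, as on kernels of this thread's era.

```shell
#!/bin/sh
# Added example: bounded entropy preflight for a headless install.
# All function names here are hypothetical, not part of any real tool.

ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}
SEED_BITS=$((300 * 8))   # the 300 bytes of /dev/random data quoted in the message

# read_entropy FILE
# Print the kernel's estimate in bits; 0 if the file is unreadable or not a number.
read_entropy() {
    val=$(cat "$1" 2>/dev/null) || val=0
    case $val in
        ''|*[!0-9]*) val=0 ;;
    esac
    echo "$val"
}

# wait_for_entropy FILE NEED_BITS TIMEOUT_S
# Poll once per second. Return 0 as soon as the estimate reaches NEED_BITS,
# 1 if TIMEOUT_S seconds pass first.
wait_for_entropy() {
    waited=0
    while [ "$(read_entropy "$1")" -lt "$2" ]; do
        [ "$waited" -lt "$3" ] || return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# preflight FILE NEED_BITS TIMEOUT_S
# Print the decision the installer should act on. On timeout it reports a
# failure; it does not silently switch to a weaker randomness source.
preflight() {
    if wait_for_entropy "$1" "$2" "$3"; then
        echo "proceed"
    else
        echo "abort: only $(read_entropy "$1") of $2 bits after $3s"
    fi
}

# Typical call from an installer step (30 s is an arbitrary sample timeout):
#   preflight "$ENTROPY_FILE" "$SEED_BITS" 30
```
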