Re: Announce loop-AES-v1.4e file/swap crypto package

On Sunday 30 September 2001 12:42, peter k. wrote:
<snip>
> and, would it be a good idea to use for example 128 bytes of urandom
> data (and i wouldn't save it to disk of course) as the seed when
> encrypting swap?
<snip>

No. When you encrypt swap, you should use a new key every time you swapon
(and maybe even rekey periodically, say, every few days). You should
use a full keylength bits' key with full entropy. If you do this, you 
don't need a seed. (and even if you did, 128 _bits_ would be more than 
enough). Also, the seed need not be secret (and can't be). It must be 
random, though, so you'd better use /dev/random instead of urandom...

Marc

-- 
Military justice is to justice what military music is to music.
                                                  -- Groucho Marx


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

