Mark, et al.: As I have asked before, I think it would be useful if we had some sort of FAQ which states some of these issues and "should do it this way" recommendations. Several months back there was a very deep exchange on entropy, as well. Can we not put this all together in some centralized place so people can review it and update it? If web space is the issue, I can provide that. Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Monday, October 01, 2001 10:48 AM -----Original Message----- From: owner-linux-crypto@xxxxxxxxxxxx [mailto:owner-linux-crypto@xxxxxxxxxxxx] On Behalf Of Marc Mutz Sent: Sunday, September 30, 2001 11:03 AM To: peter k. Cc: linux-crypto@xxxxxxxxxxxx Subject: Re: Announce loop-AES-v1.4e file/swap crypto package On Sunday 30 September 2001 12:42, peter k. wrote: <snip> > and, would it be a good idea to use for example 128 bytes of urandom > data (and i wouldnt save it to disk of course) as the seed when > encrypting swap? <snip> No. When you encyrpt swap, you should use a new key everytime you swpon (and maybe even rekey periodically, say, every few days). You should use a full keylength bits' key with full entropy. If you do this, you don't need a seed. (and even if you did, 128 _bits_ would be more than enough). Also, the seed need not be secret (and can't be). It must be random, though, so you'd better use /dev/random instead of urandom... Marc -- Military justice is to justice what military music is to music. -- Groucho Marx Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
