Re: passfrase or dev_random for keyfile of a dmcrypt_swap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> QUESTION: But in case I would have to use a seed, how is this done?
> Especially with an UPDATED seed? This I do not know.

Advanced practical crypto implementation. What you do is, you store
some entropy on system shutdown to use at the next start together
with the best you can get at the start. On first start you are
screwed, buut for swap it is less critical. For exaple done by
GnuPG, in the form of $HOME/gnupg/random_seed.

Arno

SiSt:

I assume that I am close to the understanding of your point here, with this
excerpt from the urandom manual(?):

When a Linux system starts up without much operator interaction, the entropy
pool may be in a fairly  predictable  state.   This reduces  the  actual
amount  of  noise in the entropy pool below the estimate.  In order to
counteract this effect, it helps to carry entropy pool information across
shut-downs and start-ups.  To do this, add the following lines to  an
appropriate  script which is run during the Linux system start-up sequence:

           echo "Initializing random number generator..."
           random_seed=/var/run/random-seed
           # Carry a random seed from start-up to start-up
           # Load and then save the whole entropy pool
           if [ -f $random_seed ]; then
               cat $random_seed >/dev/urandom
           else
               touch $random_seed
           fi
           chmod 600 $random_seed
           poolfile=/proc/sys/kernel/random/poolsize
           [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512
           dd if=/dev/urandom of=$random_seed count=1 bs=$bytes

       Also, add the following lines in an appropriate script which is run
during the Linux system shutdown:

           # Carry a random seed from shut-down to start-up
           # Save the whole entropy pool
           echo "Saving random seed..."
           random_seed=/var/run/random-seed
           touch $random_seed
           chmod 600 $random_seed
           poolfile=/proc/sys/kernel/random/poolsize
           [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512
           dd if=/dev/urandom of=$random_seed count=1 bs=$bytes


-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux