Nice find! Yes, that is the issue and a solution. Arno On Tue, Apr 20, 2010 at 07:06:12PM +0100, Si St wrote: > > > QUESTION: But in case I would have to use a seed, how is this done? > > Especially with an UPDATED seed? This I do not know. > > Advanced practical crypto implementation. What you do is, you store > some entropy on system shutdown to use at the next start together > with the best you can get at the start. On first start you are > screwed, buut for swap it is less critical. For exaple done by > GnuPG, in the form of $HOME/gnupg/random_seed. > > Arno > > SiSt: > > I assume that I am close to the understanding of your point here, with this > excerpt from the urandom manual(?): > > When a Linux system starts up without much operator interaction, the entropy > pool may be in a fairly predictable state. This reduces the actual > amount of noise in the entropy pool below the estimate. In order to > counteract this effect, it helps to carry entropy pool information across > shut-downs and start-ups. To do this, add the following lines to an > appropriate script which is run during the Linux system start-up sequence: > > echo "Initializing random number generator..." > random_seed=/var/run/random-seed > # Carry a random seed from start-up to start-up > # Load and then save the whole entropy pool > if [ -f $random_seed ]; then > cat $random_seed >/dev/urandom > else > touch $random_seed > fi > chmod 600 $random_seed > poolfile=/proc/sys/kernel/random/poolsize > [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512 > dd if=/dev/urandom of=$random_seed count=1 bs=$bytes > > Also, add the following lines in an appropriate script which is run > during the Linux system shutdown: > > # Carry a random seed from shut-down to start-up > # Save the whole entropy pool > echo "Saving random seed..." > random_seed=/var/run/random-seed > touch $random_seed > chmod 600 $random_seed > poolfile=/proc/sys/kernel/random/poolsize > [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512 > dd if=/dev/urandom of=$random_seed count=1 bs=$bytes > > > -- > _______________________________________________ > Surf the Web in a faster, safer and easier way: > Download Opera 9 at http://www.opera.com > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
