On 05/28/2010 09:39 AM, Mario 'BitKoenig' Holbe wrote:
> Arno Wagner <arno@xxxxxxxxxxx> wrote:
>> However that does not solve the case of automatic installation
>> on, e.g., embedded devices that have a low-entropy environment.
>
> well, such install-systems could have a look at the entropy available
> before choosing a specific source of randomness (not that there would be
> a good one on such systems :)).

Various systems (installed from net/PXE) which have enough entropy
to generate a master key for a LUKS disk (or at least to properly seed some
pseudo RNG) do not have enough entropy to seed the gcrypt very-strong-RNG
(it _requires_ 300 bytes of /dev/random data to seed).

And because the system is usually headless, waiting in installer/luksFormat
with possibly no network activity at the moment, it can wait forever.

(My example was about some install verification system, where the quality
of the long term key was not important. Everyone probably sees here the possible
problem with not enough entropy in the generated key in general in such
installations...)

Milan
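Added example, not part of the original message and not cryptsetup or installer code: one way an unattended installer could look at the available entropy before choosing a source, so that a headless machine never blocks on /dev/random. The function name, the `ENTROPY_FILE` override and the fall-back policy are assumptions of this sketch; it assumes a Linux kernel that reports its pool estimate in bits in `/proc/sys/kernel/random/entropy_avail` and whose /dev/random blocks when that estimate is low, as in the setting discussed above.

```shell
#!/bin/sh
# Hypothetical helper for an unattended installer (illustration only).
# ENTROPY_FILE can be overridden so the logic can be run on constructed values.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# choose_rng_source NEEDED_BYTES
# Prints /dev/random when the kernel's estimate (in bits) covers the request,
# otherwise prints /dev/urandom and warns on stderr so the weaker seeding is
# visible in the install log. Returns 2 on a non-numeric argument.
choose_rng_source() {
    needed_bytes=$1
    case $needed_bytes in
        ''|*[!0-9]*)
            echo "usage: choose_rng_source BYTES" >&2
            return 2
            ;;
    esac
    needed_bits=$((needed_bytes * 8))

    avail_bits=""
    if [ -r "$ENTROPY_FILE" ]; then
        # read fails at EOF without a newline but still sets the variable
        read -r avail_bits < "$ENTROPY_FILE" || :
    fi
    case $avail_bits in
        ''|*[!0-9]*) avail_bits=0 ;;  # unreadable or malformed: treat pool as empty
    esac

    if [ "$avail_bits" -ge "$needed_bits" ]; then
        echo /dev/random
    else
        echo "entropy low: ${avail_bits} of ${needed_bits} bits; not blocking" >&2
        echo /dev/urandom
    fi
    return 0
}
```

With the 300-byte seed requirement mentioned in the message, `choose_rng_source 300` asks for 2400 bits of estimated entropy; a key generated after the fall-back carries the quality concern raised in the closing paragraph, so the warning should end up in the install log.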