On 11/17/2010 11:36 PM, Arno Wagner wrote: > I have trouble parsing this. Is it a list-replay to a > partially quoted personal message? Partially. It is just warning that setting default is not just straightforward. (I think there is already request for setting default to /dev/random in Debian.) > If I remember correctly, the request to allow the use of > /dev/randome was only for this special situation or similar others. Sure, this setting affects only volume key generation. Others are always generated using urandom. (See the source in lib/random.c - there is flag CRYPT_RND_NORMAL / KEY. Only calls marked with KEY quality can use /dev/random.) > As to the possible entropy-startved situations, embedded systems > and virtualized systems in connection with automatized installation > were mentioned. I think it is not only about starved situations, thats just practical impact of using this interface. Ipsec need to set key too and cannot wait for entropy. Isn't there the same quality requested if you can record encrypted communication and analyse it later? (just example) I sent this "rant" separately because it is just my opinion but I simply think that /dev/random vs /dev/urandom is bad design. But it is up to user how to configure cryptsetup - I provided all needed ways to set it up according to needs (configure, runtime, libcryptsetup API). I would prefer some interface to kernel RNG where I can specify requested quality. Or simply setup urandom to generate strong data usable always as long term key. Maybe we get better access to kernel RNG through new userspace API. I think that many applications which implements its own RNG (because mixing /dev/random with something into own pool _is_ new RNG) use some tricks. Are these tricks properly documented and backed by proper analysis? I hope so:-) > An alternative would be to introduce randomness form the outside, > but that may again be a security risk. Bottom line, setting > key-generation to use /dev/random is a specialist option that > most beople will never need, but that can be very handy in > some situations. You can provide pre-generated volume key or you can use /dev/random if requested in cryptsetup - the option is there. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
