Quoting Milan Broz <mbroz@xxxxxxxxxx>:
> (I think there is already a request for setting default to /dev/random
> in Debian.)

Yeah that was me ;)
I mean I absolutely see your points, Milan.
But IMHO one should always go for the most secure setting per default.
Just the same as one e.g. does when gnupg creates keys. Of course one
could argue there, too, that for the average user, urandom might be
good enough.
As far as I've always understood you, your main concern is fully
automated installs, right?
And personally I just don't see the major use case of disk encryption
for that at all.
And typically, when you do that you have some special tool for it
anyway (e.g. FAI),... which could then always use --use-urandom per
default.
That's why I personally would suggest to use random as default, and
just announce this change in behaviour in some NEWS-file with the hint
that the /dev/random blocking might be a problem for some people.
Just with about the same arguments, as it was agreed here (IIRC) that
TRIM will be (for security reasons) discarded per default.
Cheers,
Chris.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt