Re: LUKS and backdoors

On Mon, 2013-10-21 at 13:10 +0200, octane indice wrote:
> But at this point, what is the quality of the random[1]?
Well /dev/random (in Linux) should have either high quality entropy,...
or block... at least that was my understanding (there's currently a
discussion going on about /dev/[u]random at the well known cryptography
mailing list)...

BUT,... cryptsetup uses by default unfortunately urandom to generate the
master key.
I never really understood why since all arguments pro it seem weak or
nonsense to me... anyway that's how things are.
But you can use --use-random to change that.

So in principle you should be on the safe side then.


Of course you can improve entropy by using stuff like haveged, or a
TRNG[0],... but I do not really know whether these also have a positive
effect on the _quality_ of the entropy or just on the _quantity_.


Cheers,
Chris.


[0] According to Ted Ts'o and others it's not possible to
spoil /dev/random by seeding it with malicious entropy sources (it just
wouldn't get better as it was already)... though I must admit that I've
never understood why this could be like that.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
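
Added example, not part of the original message or of cryptsetup itself: a shell check that reads which RNG device a cryptsetup build reports as its compiled-in default for LUKS and says whether `--use-random` has to be passed explicitly to get /dev/random. It assumes the build lists an `RNG:` field among the defaults printed by `cryptsetup --help`; the function names, the sample help text and the `<device>` placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which RNG cryptsetup uses for the LUKS master key.

# Read `cryptsetup --help` text on stdin and print the value of the "RNG:" field.
# Assumption: the compiled-in defaults are printed with an "RNG: <device>" entry.
luks_default_rng() {
    sed -n 's/.*RNG:[[:space:]]*\([^,[:space:]]*\).*/\1/p' | head -n 1
}

# Print the flag needed so that the master key is drawn from /dev/random.
# Nothing is printed when /dev/random is already the default; for urandom or an
# unrecognised/missing value the flag is given explicitly.
flag_for_random() {
    case "$1" in
        /dev/random) echo "" ;;
        *)           echo "--use-random" ;;
    esac
}

# Constructed sample of the defaults section, used when cryptsetup is absent.
SAMPLE_HELP='Default compiled-in device cipher parameters:
    loop-AES: aes, Key 256 bits
    plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
    LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom'

if command -v cryptsetup >/dev/null 2>&1; then
    help_text=$(cryptsetup --help 2>/dev/null || true)
else
    help_text=$SAMPLE_HELP
fi

rng=$(printf '%s\n' "$help_text" | luks_default_rng)
flag=$(flag_for_random "$rng")

echo "Default RNG for LUKS master key: ${rng:-unknown}"
if [ -n "$flag" ]; then
    # <device> is a placeholder; luksFormat destroys existing data on the target.
    echo "To use /dev/random instead: cryptsetup luksFormat $flag <device>"
else
    echo "/dev/random is already the default; no extra flag needed."
fi
```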
