----- Original Message -----
> From: "Wiebe Cazemier" <wiebe@xxxxxxxxxxxx>
> To: "Tyler Hicks" <tyhicks@xxxxxxxxxxxxx>
> Cc: ecryptfs@xxxxxxxxxxxxxxx
> Sent: Wednesday, 20 January, 2016 8:51:43 PM
> Subject: Re: Key derivation and passprhase wrapping
>
> I think I missed an important bit. I was looking at ecryptfs-wrap-passphrase,
> which makes you supply the FEK and FEKEK, but ecryptfs-setup-private
> actually already uses a random passphrase:
>
> -m, --mountpass MOUNTPASS
> Passphrase for mounting the ecryptfs directory, default is 16 bytes from
> /dev/urandom if omitted
>

I do see an issue though. The bash script says:

    random_data=`head -c 16000 /dev/urandom | od -x` || error_testing "$temp" "$(gettext 'Could not generate random data')"

But when urandom can't be read (doesn't exist, no file handles, whatever):

    random_data=`head -c 16000 /dev/urando | od -x` || echo "fail"
    head: cannot open ‘/dev/urando’ for reading: No such file or directory

Note, no 'fail' and $? == 0. And:

    echo $random_data
    0000000

Regards,

Wiebe
--
To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
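
The behaviour reported above comes from the pipeline's exit status being that of od, which succeeds on empty input. The following is an added example, not part of the original message and not ecryptfs-utils code: it reproduces the unchecked pattern next to a checked variant that avoids the pipeline and verifies how many bytes were actually read. The function names and the source-path and byte-count arguments are hypothetical.

```shell
#!/bin/sh
# Added illustration; gen_unchecked/gen_checked and their arguments are
# hypothetical names, not taken from ecryptfs-setup-private.

# Same shape as the line quoted in the message: the status tested by `||`
# is od's, and od exits 0 on empty input, so a failed read goes unnoticed.
gen_unchecked() {
    src=$1
    data=`head -c 16 "$src" 2>/dev/null | od -x` || return 1
    printf '%s\n' "$data"
}

# Checked variant: od opens the source itself, so an open failure reaches
# the `||` test, and the output length is verified to catch short reads.
gen_checked() {
    src=$1
    want=$2
    # -v: never collapse repeated lines into '*'; -A n: no offset column.
    hex=`od -v -A n -t x1 -N "$want" "$src" 2>/dev/null` || return 1
    hex=`printf '%s' "$hex" | tr -d ' \n'`
    # Two hex digits per byte; anything else means fewer bytes than asked.
    [ "${#hex}" -eq $((want * 2)) ] || return 1
    printf '%s\n' "$hex"
}

# Stand-alone use: 16 bytes from the kernel RNG, with a visible failure path.
gen_checked /dev/urandom 16 || echo "Could not generate random data" >&2
```

In bash, `set -o pipefail` is another way to make the original pipeline report head's failure, but it does not detect a short read.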