FAQ Search Today's Posts Mark Forums Read

» Linux Archive
Home
New Posts
Search
FAQ


Go Back   Linux Archive > Redhat > Fedora/Linux Management Tools
Reload this Page Use /dev/random before encrypting disks?

 
 
LinkBack Thread Tools
 
Old 02-05-2008, 01:20 PM
Jeremy Katz
 
Default Use /dev/random before encrypting disks?
On Tue, 2008-02-05 at 10:23 +0100, Alexander Todorov wrote:
> in many disk encryption resources on the web the user is given an advice
> to use /dev/random to populate the disk before he sets up the encryption
> process. This is said to increase entropy and recommended for brand
> new disks.
>
> Does anaconda have the support for that in the current block device
> encryption implementation? I guess not but haven't looked at the code.
> IMO a GIU/TUI/kickstart flag is enough to let the user choose if they
> want to populate the device with random data prior to encryption.
> What do you think?

Given the amount of under the covers remapping that disks do these days
and things like hidden sectors, etc, I really don't think it makes much
difference. But if you do it, then you've got a very painful and long
process that's pretty impossible to message in the UI.

And if you're paranoid, there's always %pre

Jeremy

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 02-05-2008, 04:00 PM
Bruno Wolff III
 
Default Use /dev/random before encrypting disks?
On Tue, Feb 05, 2008 at 10:23:47 +0100,
Alexander Todorov <atodorov@redhat.com> wrote:
> Hello all,
> in many disk encryption resources on the web the user is given an advice
> to use /dev/random to populate the disk before he sets up the encryption
> process. This is said to increase entropy and recommended for brand
> new disks.

You'd probably need to use /dev/urandom unless you wanted to wait a very
long time.
Another option would be to use AES in counter mode.

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 02-05-2008, 05:03 PM
Alexander Todorov
 
Default Use /dev/random before encrypting disks?
Bruno Wolff III wrote:

On Tue, Feb 05, 2008 at 10:23:47 +0100,
Alexander Todorov <atodorov@redhat.com> wrote:

Hello all,
in many disk encryption resources on the web the user is given an advice
to use /dev/random to populate the disk before he sets up the encryption
process. This is said to increase entropy and recommended for brand
new disks.


You'd probably need to use /dev/urandom unless you wanted to wait a very
long time.
Another option would be to use AES in counter mode.


Don't really care on the implementation details although speed is a
major factor. Just wanted to know how folks feel about the issue and if
it's really necessary. As Jeremy Katz pointed it not really a must.


Greetings,
Alexander.

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 

Thread Tools




All times are GMT. The time now is 04:53 AM.

VBulletin, Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -