Good idea, but if I followed the conversation here correctly, the
desire was to minimize the number of windows required for the user to
pass through during the installation. Having a window where the user
has to do something, that in essence, seems really really random
probably isn't the best thing to put in the installer. Would it be
possible to delay key generation until the system uptime has reached a
certain time or the user specifically requests the key to generated (in
which case they can get to hammer on their keyboard).





On Wed, Sep 24, 2008 at 9:37 PM, Michael Casadevall <sonicmctails@gmail.com> wrote:


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



I've did some work implementing /dev/random in GNU Hurd (yes, yes, I

know :-P). Static bootups are fairly constant, i.e., poor source of

entropy, so that is a major problem. However, it might be possible to

have the user provide or generate entropy (maybe a friendly message

such as "Ubuntu needs to generate entropy to encrypt your files,

please bang on the keyboard like a monkey"), or the ability to provide

a private key from another source like a USB key or something.

Michael



-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

Comment: http://getfiregpg.org



iEYEARECAAYFAkjbB1wACgkQpblTBJ2i2psm4ACfcjq/0QyAV3PARKIgWmfNpdTy

WKQAni0DPfLwUwW39PVklGZ32wCaS0do

=TGV+

-----END PGP SIGNATURE-----



On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart

<kienan.stewart@gmail.com> wrote:

> Hi

>

> I was looking at the wikipedia article on /dev/random and /dev/urandom,

> having previously not used them. The article linked to a paper that analyzed

> the cryptographic procedures of the /dev/random and /dev/urandom in linux.

> The main thing that I took out of paper and the wikipedia article was that

> there was a small concern about the lack of entropy available in /dev/random

> during installs and on livecds. If the key is generated right after a

> reboot, they may not be sufficiently random. I'm not sure, but this could be

> a thing to consider if keys are going to be generated early in the install

> procedure. Would anyone else consider this a concern?

>

> P.S. Sorry if I sent this to someone twice, gmail only replies to the last

> writer and not the list. My apologies.

>>

>> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <onno@itmaze.com.au> wrote:

>>>

>>> On 24/09/08 01:43, Dustin Kirkland wrote:

>>> > That said, let me throw out another perhaps more controversial

>>> > option... *What if we didn't ask, and we just provided ~/Private

>>> > encrypted by default? *If unspecified, the mount passphrase is

>>> > randomly generated from 128 bits of /dev/urandom. *We can do that

>>> > completely entirely and reliably without adding a screen to the

>>> > installer, and provide the system administrator user a secure,

>>> > encrypted location to drop critical data by default on any Ubuntu

>>> > Server

>>> When I saw the previous posts come past I wondered if this wasn't a

>>> better option. Leading by example.

>>>

>>> I'm not familiar with how it's created, but could it be "built-in" as

>>> you suggest and be created when an account is made as part of the

>>> adduser process?

>>>

>>> Could the (initial) pass-phrase be the user's login password?

>>>

>>>

>>> --

>>> Onno Benschop

>>>

>>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)

>>> --

>>> ()/)/)() * * * *..ASCII for Onno..

>>> |>>? * * * * * *..EBCDIC for Onno..

>>> --- -. -. --- * ..Morse for Onno..

>>>

>>> ITmaze * - * ABN: 56 178 057 063 * - *ph: 04 1219 8888 * -

>>> onno@itmaze.com.au

>>>

>>>

>>>

>>> --

>>> ubuntu-server mailing list

>>> ubuntu-server@lists.ubuntu.com

>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

>>> More info: https://wiki.ubuntu.com/ServerTeam

>>

>

>

> --

> ubuntu-server mailing list

> ubuntu-server@lists.ubuntu.com

> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

> More info: https://wiki.ubuntu.com/ServerTeam

>





--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

On Wed, Sep 24, 2008 at 11:37:01PM -0400, Michael Casadevall wrote:
> I've did some work implementing /dev/random in GNU Hurd (yes, yes, I
> know :-P). Static bootups are fairly constant, i.e., poor source of
> entropy, so that is a major problem. However, it might be possible to
> have the user provide or generate entropy (maybe a friendly message
> such as "Ubuntu needs to generate entropy to encrypt your files,
> please bang on the keyboard like a monkey"), or the ability to provide
> a private key from another source like a USB key or something.

Package: randomsound
Description: ALSA sound card related entropy gathering daemon
Using the low order bit of the ADC output of your sound card,
randomsound gathers entropy, debiases it and offers it up to your
kernel's random pool.

--
Soren Hansen |
Virtualisation specialist | Ubuntu Server Team
Canonical Ltd. | http://www.ubuntu.com/
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam