04-02-2008, 05:00 PM
Nomen Nescio
/dev/random or urandom for encrypted swap

Kent wrote:

> > I think I figured out that the problem is /dev/random is "close to
> > empty" when the computer's just booted, so I changed the line in
> > /etc/crypttab to use /dev/urandom instead. That fixed it, so now it
> > keeps going through the boot-up stuff right away.
> >
> The problem isn't that the computer doesn't have much entropy when it
> first boots (it stores the "pool" at last shutdown), the problem is that
> it is being drained as you initialize your swap.


> > How insecure is it?
> Using /dev/urandom? Quite secure.
> Entropy estimation is a very tricky problem, and exactly when
> /dev/random halts is kind of arbitrary.
> When your computer first boots it probably has a full entropy pool. That
> is equivalent to 4096 coin tosses: very hard to guess. The clues to those
> 4096-bits of entropy left in your swap are not
> easy to analyze. Want to be extra secure? Hit return a few times during
> boot even if you do use /dev/urandom.
> How motivated is your foe? Unless someone very well funded--and very
> motivated--is after your secrets, you are safe. And even if the
> NSA/FBI/CIA *really* are interested in your bits, they still might not
> be any better off if you use /dev/urandom instead of /dev/random.
> /dev/urandom produces very high quality random bits.


Maybe this should be mentioned in the encrypted swap documentation?

ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
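
A check for the setting discussed in this thread, as an added example that is not part of the original posts: it reads a crypttab-format file and reports which key source each swap entry uses. The function name, the verdict labels and the sample entries (target and device names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a crypttab file for swap entries keyed from /dev/random.
# Field layout per crypttab(5): <target> <source device> <key file> <options>

# crypttab_swap_keys FILE
# Prints "<target> <key file> <verdict>" for every entry carrying the "swap" option.
crypttab_swap_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF >= 4 {
            n = split($4, opts, ",")
            is_swap = 0
            for (i = 1; i <= n; i++) if (opts[i] == "swap") is_swap = 1
            if (!is_swap) next                  # only swap mappings are of interest
            if ($3 == "/dev/random")       verdict = "may-block-at-boot"
            else if ($3 == "/dev/urandom") verdict = "ok"
            else                           verdict = "fixed-key"
            print $1, $3, verdict
        }
    ' "$1"
}

# Constructed sample file; target and device names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <target>  <source>   <key file>    <options>
cryptswap1  /dev/sda5  /dev/random   swap,cipher=aes-cbc-essiv:sha256
cryptswap2  /dev/sdb2  /dev/urandom  swap,cipher=aes-cbc-essiv:sha256
cryptdata   /dev/sda6  none          luks
EOF

crypttab_swap_keys "$sample"
rm -f "$sample"
```

On a real system the function would be pointed at /etc/crypttab; the "fixed-key" verdict marks a swap mapping whose key comes from a regular file rather than a random device.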
