/dev/random or urandom for encrypted swap

[Kent Borg]

Nomen Nescio wrote:
> I used the Ubuntu wiki's instructions to set up encrypted swap on my
> computer, then I noticed whenever I booted it up, it would sit for a
> while until I hit return a few times.
>
> I think I figured out that the problem is /dev/random is "close to
> empty" when the computer's just booted, so I changed the line in
> /etc/crypttab to use /dev/urandom instead. That fixed it, so now it
> keeps going through the boot-up stuff right away.
>   

The problem isn't that the computer doesn't have much entropy when it 
first boots (it stores the "pool" at last shutdown), the problem is that 
it is being drained as you initialize your swap.

> How insecure is it?
>   

Using /dev/urandom? Quite secure.

Entropy estimation is a very tricky problem, and exactly when 
/dev/random halts is kind of arbitrary.

When your computer first boots it probably has a full entropy pool. That 
is equivalent 4096 coin tosses: very hard to guess. The clues to those 
4096-bits of entropy left in your swap are not
easy to analyze. Want to be extra secure? Hit return a few times during 
boot even if you do use /dev/urandom.

How motivated is your foe? Unless someone very well funded--and very 
motivated--is after your secrets, you are safe. And even if the 
NSA/FBI/CIA *really* are interested in your bits, they still might not 
be any better off if you use /dev/urandom instead of /dev/random. 
/dev/urandom produces very high quality random bits.

-kb, the Kent who is a professional who has been payed to engineer high 
quality random numbers.