/dev/random or urandom for encrypted swap
Nomen Nescio
nobody at dizum.com
Wed Apr 2 17:00:02 UTC 2008
Kent wrote:
> > I think I figured out that the problem is /dev/random is "close to
> > empty" when the computer's just booted, so I changed the line in
> > /etc/crypttab to use /dev/urandom instead. That fixed it, so now it
> > keeps going through the boot-up stuff right away.
> >
>
> The problem isn't that the computer doesn't have much entropy when it
> first boots (it stores the "pool" at last shutdown), the problem is that
> it is being drained as you initialize your swap.
OK.
> > How insecure is it?
>
> Using /dev/urandom? Quite secure.
>
> Entropy estimation is a very tricky problem, and exactly when
> /dev/random halts is kind of arbitrary.
>
> When your computer first boots it probably has a full entropy pool. That
> is equivalent 4096 coin tosses: very hard to guess. The clues to those
> 4096-bits of entropy left in your swap are not
> easy to analyze. Want to be extra secure? Hit return a few times during
> boot even if you do use /dev/urandom.
>
> How motivated is your foe? Unless someone very well funded--and very
> motivated--is after your secrets, you are safe. And even if the
> NSA/FBI/CIA *really* are interested in your bits, they still might not
> be any better off if you use /dev/urandom instead of /dev/random.
> /dev/urandom produces very high quality random bits.
Thanks!
Maybe this should be mentioned in the encrypted swap documentation?
More information about the ubuntu-users
mailing list