/dev/random or urandom for encrypted swap

Nomen Nescio nobody at dizum.com
Wed Apr 2 17:00:02 UTC 2008

Kent wrote:

> > I think I figured out that the problem is /dev/random is "close to
> > empty" when the computer's just booted, so I changed the line in
> > /etc/crypttab to use /dev/urandom instead. That fixed it, so now it
> > keeps going through the boot-up stuff right away.
> >   
> The problem isn't that the computer doesn't have much entropy when it 
> first boots (it stores the "pool" at last shutdown), the problem is that 
> it is being drained as you initialize your swap.


> > How insecure is it?
> Using /dev/urandom? Quite secure.
> Entropy estimation is a very tricky problem, and exactly when 
> /dev/random halts is kind of arbitrary.
> When your computer first boots it probably has a full entropy pool. That 
> is equivalent 4096 coin tosses: very hard to guess. The clues to those 
> 4096-bits of entropy left in your swap are not
> easy to analyze. Want to be extra secure? Hit return a few times during 
> boot even if you do use /dev/urandom.
> How motivated is your foe? Unless someone very well funded--and very 
> motivated--is after your secrets, you are safe. And even if the 
> NSA/FBI/CIA *really* are interested in your bits, they still might not 
> be any better off if you use /dev/urandom instead of /dev/random. 
> /dev/urandom produces very high quality random bits.


Maybe this should be mentioned in the encrypted swap documentation?

More information about the ubuntu-users mailing list