[dm-crypt] Entropy available for luksFormat during GNU/Linux installs

Roscoe eocsor at gmail.com
Sun Jan 24 07:17:01 CET 2010


Hey folks,

A while ago the following paper regarding the Linux RNG was in the news:
http://www.pinkas.net/PAPERS/gpr06.pdf

It describes issues with environments utilizing read only storage
[KNOPPIX and WRT are named].

At the time I thought "Hey, just like installing from CD!".
Since then, I've always been a bit suspicious of the security factor
of partitions created within an installer.

Has there been much consideration as to this matter within OS
installers? Does anyone suspect any latent issues?

If we take a Debian text installs with no network, that removes NIC
generated interrupts and the mouse as sources of entropy, and
considering setting up partitions [and consequently LUKS/LVM/RAID] is
one of the first things you do within the installer, I start to become
a bit suspicious of the quality of the 512 MK bits pulled for
AES-256-XTS.


Regards,

-- Roscoe

PS [Confession]: Crypto/Maths/CS aren't my fields so I only skimmed the paper!


More information about the dm-crypt mailing list