[dm-crypt] Entropy available for luksFormat during GNU/Linux installs

Rick Moritz rahvin at gmail.com
Sun Jan 24 15:31:47 CET 2010


On Sun, 24 Jan 2010 15:02:05 +0100 Heinz Diehl <htd at fancy-poultry.org> wrote:

> On 24.01.2010, Arno Wagner wrote: 
> 
> > "As  a  general rule,  /dev/urandom  should  be  used  for everything 
> >  except long-lived GPG/SSL/SSH keys."
> >  ^^^^^^ 
> 
> Why?
> 
> Is the output of urandom somehow more predictable than random?

Once the entropy pool is exhausted, yes. Because then the randomness is no longer actual randomness, but pseudo-randomness, and can be predicted if you have the random seed available.


More information about the dm-crypt mailing list