[dm-crypt] Wrong behavior?

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Wed Jul 14 20:09:00 CEST 2010


On Wed, 2010-07-14 at 12:09 +0200, Arno Wagner wrote:
> Specifically, the issue was what to do in a low-entropy environment
> (embedded system) on automatic install.
I just can point out my previous argument once again:

As the entropy is only required once (when setting up LUKS) there should
be no issue with embedded devices per se.

It's rather a problems for all kinds of automatically installed systems
and there I'd say:
- These systems usually don't use encryption anyway.
- Even I they does they'll typically require manual intervention anyway
(entering a password, providing a key file, etc.)
- And apart from that: cryptsetups main target should always be maximum
security. Therefore it would be IMO better to life (for now) with
blocking systems than using urandom.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100714/d023c6f2/attachment.bin>


More information about the dm-crypt mailing list