[dm-crypt] LUKS and backdoors

Christoph Anton Mitterer calestyo at scientia.net
Mon Oct 21 15:12:25 CEST 2013

On Mon, 2013-10-21 at 13:10 +0200, octane indice wrote:
> But at this point, what is the quality of the random[1]?
Well /dev/random (in Linux) should have either high quality entropy,...
or block... at least that was my understanding (there's currently a
discussion going on about /dev/[u]random at the well known cryptography
mailing list)...

BUT,... cryptsetup uses by default unfortunately urandom to generate the
master key.
I never really understood why since all arguments pro it seem weak or
nonsense to me... anyway that's how things are.
But you can use --use-random to change that.

So in principle you should be on the safe side then.

Of course you can improve entropy by using stuff like haveged, or a
TRNG[0],... but I do not really know wheter these also have a positive
effect on the _quality_ of the entropy or just on the _quantity_.


[0] According to Ted Ts'o and others it's not possible to
spoil /dev/random by seeding it with malicious entropy sources (it just
wouldn't get better as it was already)... though I must admit that I've
never understood why this could be like that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20131021/93a7a759/attachment.bin>

More information about the dm-crypt mailing list