Dear Christian, I really appreciate your confidence in me... ;-)
BTW: I found this gem in man urandom (emphasis mine): "As a general rule, /dev/urandom should be used for everything *except* long-lived GPG/SSL/SSH keys." As the md-crypt master key probably is a prime example for a long-lived cryptographic key: do you think it would be adequate to tag the bug "security" and/or to increase its severity? Which (point) release would you like to aim for to resolve the issue? Thank you and best regards, Thiemo On Sun, Sep 22, 2013 at 2:43 PM, Christian PERRIER <bubu...@debian.org> wrote: > Quoting Regis Boudin (re...@boudin.name): >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 19/09/13 18:57, Christian PERRIER wrote: >> > Quoting Thiemo Nagel (thiemo.na...@gmail.com): >> > >> >> 2. In case the job doesn't return within a couple of seconds, >> >> instruct the user to a) either press keys until enough entropy >> >> has been gathered or b) select "Cancel" and continue in unsafe >> >> manner. If the >> > >> > >> > Don't we have such things? >> > >> > I'm sure I translated screens where users are prompted to type >> > keys, move the mouse and do other stuff in order to generate >> > entropy. >> >> There is, it is cdebconf-entropy. > > (let's answer to the bug report) > > OK, then it seems that we "only" need someone to use cdebconf-entropy > widgets from partman-crypto, then. > > Thiemo, you seem to have great intereste in partman-crypto......:-) > > -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caogcq_5ye7zbewssynz1grq2ady0uyouxnaverbagdesi10...@mail.gmail.com