Package: cryptsetup
Version: 2:1.6.1-1
Severity: important

Dear Maintainer,
I have added an encrypted swap partition to /etc/crypttab exactly as
recommended in /usr/share/doc/cryptsetup/README.Debian.gz

cswap1 /dev/hdc1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256

The problem is that in /etc/rcS.d the scripts S07cryptdisks-early and
S09cryptdisks are run before S13urandom. We are trying to read from
/dev/urandom before the Linux random number generator is properly
seeded. This can lead to a predictable encryption key for the swap partition.

One solution would be to move S13urandom to S06urandom, but then the
random seed file /var/lib/urandom/random-seed must be present before
mounting crypto partitions.

Please see also the comment "2.2 How do I set up encrypted swap?"

https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#2._Setup

Again, the problem is that S13urandom is run only after S09cryptdisks.


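Added example, not part of the original report or of the cryptsetup package: a shell check for the boot-order problem described above. It assumes SysV start links named S<NN><script> and the script names quoted in the report; the function names and the sample files are hypothetical and constructed.

```shell
#!/bin/sh
# Flag crypttab entries keyed from /dev/urandom or /dev/random when the
# cryptdisks init scripts start before the urandom seeding script.

# Print the sequence number of the start link S<NN><script> found in <dir>.
rc_seq() {  # $1 = rc directory, $2 = script name
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        seq=${link##*/S}            # e.g. "07cryptdisks-early"
        seq=${seq%"$2"}             # e.g. "07"
        printf '%s\n' "${seq#0}"    # drop one leading zero: "7"
        return 0
    done
    return 1
}

# Print the target names of crypttab entries whose key file is a random device.
random_key_targets() {  # $1 = crypttab path
    [ -r "$1" ] || return 0
    awk '!/^[[:space:]]*#/ && NF >= 3 &&
         ($3 == "/dev/urandom" || $3 == "/dev/random") { print $1 }' "$1"
}

# Return 1 and print one finding per init script that runs too early.
audit_boot_order() {  # $1 = rcS.d directory, $2 = crypttab path
    targets=$(random_key_targets "$2" | tr '\n' ' ')
    [ -n "$targets" ] || return 0
    useq=$(rc_seq "$1" urandom) || { echo "no urandom start link in $1"; return 2; }
    rc=0
    for script in cryptdisks-early cryptdisks; do
        cseq=$(rc_seq "$1" "$script") || continue
        # Equal numbers run in name order, so cryptdisks* still precedes urandom.
        if [ "$cseq" -le "$useq" ]; then
            echo "$script ($cseq) runs before urandom ($useq); affected: $targets"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the report: links S07/S09/S13, one swap entry.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/S07cryptdisks-early" "$d/S09cryptdisks" "$d/S13urandom"
    echo 'cswap1 /dev/hdc1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256' > "$d/crypttab"
    audit_boot_order "$d" "$d/crypttab" || echo "audit exit status: $?"
    rm -rf "$d"
}
demo
```

On a real system the call would be `audit_boot_order /etc/rcS.d /etc/crypttab`; a non-zero exit means at least one random-keyed mapping is set up before the seed is loaded.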