>From where does the Qubes installer get its entropy to create the long-term keymat for LUKS volumes? I assume standard Linux /dev/random is running, starting with no cached entropy other than a hardcoded fair dice roll and thus, no reliable randomness.
A more general question, which probably belongs in a FAQ for a security-oriented OS, is how does the standard Qubes configuration secure randomness and cache it across boots? (And is there a way to pick up cached entropy when the dom0 kernel loads, before opening encrypted volumes or starting userland? I know how to do this on other OS, but not Linux under Xen in Qubes-specific configuration.) I am personally of the unstudied opinion that 90% of successful "cryptanalysis" is due to system compromise, 9% is due to bad randomness, and 1% is exploiting actual weakness in ciphers. It is for this reason I usually never let an OS installer create encrypted disks for me. The Qubes VM isolation should help somewhat with the 90%; but what about the 9%? "Uncubed" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7f14fe4b198346f85323f98ee2e319b.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
