Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-23 Thread Thiemo Nagel
Dear Christian, I really appreciate your confidence in me... ;-) BTW: I found this gem in man urandom (emphasis mine): As a general rule, /dev/urandom should be used for everything *except* long-lived GPG/SSL/SSH keys. As the md-crypt master key probably is a prime example for a long-lived

Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-23 Thread Cyril Brulebois
Christian PERRIER bubu...@debian.org (2013-09-23): Quoting Thiemo Nagel (thiemo.na...@gmail.com): Dear Christian, I really appreciate your confidence in me... ;-) BTW: I found this gem in man urandom (emphasis mine): As a general rule, /dev/urandom should be used for everything

Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-23 Thread Christian PERRIER
Quoting Thiemo Nagel (thiemo.na...@gmail.com): Dear Christian, I really appreciate your confidence in me... ;-) BTW: I found this gem in man urandom (emphasis mine): As a general rule, /dev/urandom should be used for everything *except* long-lived GPG/SSL/SSH keys. As the md-crypt master

Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-22 Thread Christian PERRIER
Quoting Regis Boudin (re...@boudin.name): On 19/09/13 18:57, Christian PERRIER wrote: Quoting Thiemo Nagel (thiemo.na...@gmail.com): 2. In case the job doesn't return within a couple of seconds, instruct the user to a) either press keys

Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-21 Thread Regis Boudin
On 19/09/13 18:57, Christian PERRIER wrote: Quoting Thiemo Nagel (thiemo.na...@gmail.com): 2. In case the job doesn't return within a couple of seconds, instruct the user to a) either press keys until enough entropy has been gathered or b)

Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-19 Thread Thiemo Nagel
Package: partman-crypto Severity: important Tags: d-i Hello, it seems that upon initialization of encrypted volumes, the LUKS master key is created by reading entropy from /dev/urandom which means that in case the kernel is low on entropy at the time of volume creation, the volume will be

Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-19 Thread Thiemo Nagel
On Thu, Sep 19, 2013 at 6:57 PM, Christian PERRIER bubu...@debian.org wrote: Quoting Thiemo Nagel (thiemo.na...@gmail.com): 2. In case the job doesn't return within a couple of seconds, instruct the user to a) either press keys until enough entropy has been gathered or b) select Cancel

Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom

2013-09-19 Thread Christian PERRIER
Quoting Thiemo Nagel (thiemo.na...@gmail.com): 2. In case the job doesn't return within a couple of seconds, instruct the user to a) either press keys until enough entropy has been gathered or b) select Cancel and continue in unsafe manner. If the Don't we have such things? I'm sure I