-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've did some work implementing /dev/random in GNU Hurd (yes, yes, I know :-P). Static bootups are fairly constant, i.e., poor source of entropy, so that is a major problem. However, it might be possible to have the user provide or generate entropy (maybe a friendly message such as "Ubuntu needs to generate entropy to encrypt your files, please bang on the keyboard like a monkey"), or the ability to provide a private key from another source like a USB key or something. Michael
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkjbB1wACgkQpblTBJ2i2psm4ACfcjq/0QyAV3PARKIgWmfNpdTy WKQAni0DPfLwUwW39PVklGZ32wCaS0do =TGV+ -----END PGP SIGNATURE----- On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart <[EMAIL PROTECTED]> wrote: > Hi > > I was looking at the wikipedia article on /dev/random and /dev/urandom, > having previously not used them. The article linked to a paper that analyzed > the cryptographic procedures of the /dev/random and /dev/urandom in linux. > The main thing that I took out of paper and the wikipedia article was that > there was a small concern about the lack of entropy available in /dev/random > during installs and on livecds. If the key is generated right after a > reboot, they may not be sufficiently random. I'm not sure, but this could be > a thing to consider if keys are going to be generated early in the install > procedure. Would anyone else consider this a concern? > > P.S. Sorry if I sent this to someone twice, gmail only replies to the last > writer and not the list. My apologies. >> >> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <[EMAIL PROTECTED]> wrote: >>> >>> On 24/09/08 01:43, Dustin Kirkland wrote: >>> > That said, let me throw out another perhaps more controversial >>> > option... What if we didn't ask, and we just provided ~/Private >>> > encrypted by default? If unspecified, the mount passphrase is >>> > randomly generated from 128 bits of /dev/urandom. We can do that >>> > completely entirely and reliably without adding a screen to the >>> > installer, and provide the system administrator user a secure, >>> > encrypted location to drop critical data by default on any Ubuntu >>> > Server >>> When I saw the previous posts come past I wondered if this wasn't a >>> better option. Leading by example. >>> >>> I'm not familiar with how it's created, but could it be "built-in" as >>> you suggest and be created when an account is made as part of the >>> adduser process? >>> >>> Could the (initial) pass-phrase be the user's login password? >>> >>> >>> -- >>> Onno Benschop >>> >>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA) >>> -- >>> ()/)/)() ..ASCII for Onno.. >>> |>>? ..EBCDIC for Onno.. >>> --- -. -. --- ..Morse for Onno.. >>> >>> ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 - >>> [EMAIL PROTECTED] >>> >>> >>> >>> -- >>> ubuntu-server mailing list >>> [email protected] >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >>> More info: https://wiki.ubuntu.com/ServerTeam >> > > > -- > ubuntu-server mailing list > [email protected] > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server > More info: https://wiki.ubuntu.com/ServerTeam > -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
