
Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom



Dear Christian,

I really appreciate your confidence in me... ;-)

BTW: I found this gem in man urandom (emphasis mine): "As a general
rule, /dev/urandom should be used for everything *except* long-lived
GPG/SSL/SSH keys." As the md-crypt master key probably is a prime
example for a long-lived cryptographic key: do you think it would be
adequate to tag the bug "security" and/or to increase its severity?
Which (point) release would you like to aim for to resolve the issue?

Thank you and best regards,
Thiemo

On Sun, Sep 22, 2013 at 2:43 PM, Christian PERRIER <bubulle@debian.org> wrote:
> Quoting Regis Boudin (regis@boudin.name):
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 19/09/13 18:57, Christian PERRIER wrote:
>> > Quoting Thiemo Nagel (thiemo.nagel@gmail.com):
>> >
>> >> 2. In case the job doesn't return within a couple of seconds,
>> >> instruct the user to a) either press keys until enough entropy
>> >> has been gathered or b) select "Cancel" and continue in unsafe
>> >> manner. If the
>> >
>> >
>> > Don't we have such things?
>> >
>> > I'm sure I translated screens where users are prompted to type
>> > keys, move the mouse and do other stuff in order to generate
>> > entropy.
>>
>> There is, it is cdebconf-entropy.
>
> (let's answer to the bug report)
>
> OK, then it seems that we "only" need someone to use cdebconf-entropy
> widgets from partman-crypto, then.
>
> Thiemo, you seem to have great interest in partman-crypto......:-)
>
>

