Re: Status of partman-crypto
On Sat, Dec 10, 2005 at 02:41:11PM -0500, Joey Hess wrote:
> I asked Mithander to check in his cdebconf support for out of tree
> plugin building for cdebconf, and he did so last night, so you might
> want to take a look at that.
I just did and converted the plugin: It builds out-of-tree now
Thanks Tollef!
> Have you considered perhaps using the existing disk contents that the
> installer is going to overwrite as an entropy source? The entropy
> level of a tyical windows install might be pretty high. ;-) So maybe
> mount and play around with any existing filesystems.
That's an interesting idea.
I suppose the amount of entropy depends on which part of the
disk(s) we look at. The first X megabytes are probably very
deterministic due to the MBR and standard windows binaries. I'll
write to hmh (resident entropy expert) and ask him about this
and the other ideas floating around. Hopefully he can help us.
My impression at this stage is that it would be best not to rely on
any particular single source of entropy, but to feed several to a
daemon like rngd that does FIPS-140-2 tests and selects what it
considers good enough for feeding back to the kernel.
cheers,
Max
Reply to: