Bug#382840: debian-installer: d-i etch beta3: not enough entropy for cryptsetup via serial console
retitle 382840 Installs via serial console do not get enough entropy
reassign 382840 partman-crypto
severity 382840 normal
thanks
Hi Thomas Arendsen Hein,
On Sun, Aug 13, 2006 at 07:03:36PM +0200, Thomas Arendsen Hein wrote:
> With debian-installer etch beta3 (full CD, x86) I wanted to setup two
> encrypted swap partitions. To be able to copy&paste error message to bug
> reports I used serial console in the beginning and then switched to network
> ssh console.
>
> For both partitions the system could only provide 28% of the needed entropy,
> so it offered me to type something. But neither via ssh nor on a shell via
> serial console nor sending massive pings to the host helped to generate new
> entropy. Only attaching a keyboard again and typing to the otherwise dead
> screen helped.
Thank you for reporting this.
It's a known problem that entropy collection can vary a lot with
different hardware and drivers, sometimes to the point that no
entropy is added at all. I'm surprised that the serial driver did
not contribute entropy. About the network, I think in 2.6 most
networking drivers were changed not to add entropy, although IIRC
that decision was questioned and already partly reverted.
I think we need to find a mechanism that allows to get entropy
from a wider range of devices: Available hardware RNGs, sound or
video devices, mouse movements, perhaps creating disk IO. There
are some (still rough) ideas in this direction in the wiki:
http://wiki.debian.org/DebianInstaller/PartmanCrypto
cheers,
Max
Reply to: