
Re: Bug#723729: partman-crypto: LUKS master key is read from /dev/urandom



Christian PERRIER <bubulle@debian.org> (2013-09-23):
> Quoting Thiemo Nagel (thiemo.nagel@gmail.com):
> > Dear Christian,
> > 
> > I really appreciate your confidence in me... ;-)
> > 
> > BTW: I found this gem in man urandom (emphasis mine): "As a general
> > rule, /dev/urandom should be used for everything *except* long-lived
> > GPG/SSL/SSH keys." As the md-crypt master key probably is a prime
> > example for a long-lived cryptographic key: do you think it would be
> > adequate to tag the bug "security" and/or to increase its severity?
> > Which (point) release would you like to aim for to resolve the issue?
> 
> 
> Probably none. I think it's quite unlikely that we go and fix this for
> wheezy, and more likely that it's addressed only in jessie.

We could think of fixing it in wheezy, but surely not before it has been
exposed to unstable/testing users for a while; meaning not the next
point release in any case.

Mraw,
KiBi.

