Hi,

I started using remote unlocking of encrypted filesystems within the initramdisk (as provided by the cryptsetup/dropbear packages) some time ago. However, I am worried because of the potentially low entropy during the execution of the initramfs and dropbear using /dev/urandom as a source for randomness.

/usr/share/doc/cryptsetup/README.remote.gz from my installed cryptsetup (2:1.4.3-4) states in the Issues section that the ssh daemon (dropbear) "might be delayed until enough entropy has been retrieved". I couldn't find any other references to dropbear delaying startup due to low entropy. In the dropbear code I could only find graceful handling of a blocking random source but no built-in delay mechanism.

Can anyone confirm that dropbear does delay startup if the kernel is low on entropy?

Thanks
Lukas