dropbear delayed startup


I started using remote unlocking of encrypted filesystems within the
initramdisk (as provided by the cryptsetup/dropbear packages) some time
ago. However, I am worried because of the potentially low entropy during
the execution of the initramfs and dropbear using /dev/urandom as a
source for randomness.

/usr/share/doc/cryptsetup/README.remote.gz from my installed cryptsetup
(2:1.4.3-4) states in the Issues section that the ssh daemon (dropbear)
"might be delayed until enough entropy has been retrieved". I couldn't
find any other references to dropbear delaying startup due to low
entropy. In the dropbear code I could only find graceful handling of a
blocking random source but no built-in delay mechanism.

Can anyone confirm that dropbear does delay startup if the kernel is low
on entropy?

