[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Use /dev/random before encrypting disks?

From: Jeremy Katz <katzj redhat com>
To: Discussion of Development and Customization of the Red Hat Linux Installer <anaconda-devel-list redhat com>
Subject: Re: Use /dev/random before encrypting disks?
Date: Tue, 05 Feb 2008 08:20:02 -0500

On Tue, 2008-02-05 at 10:23 +0100, Alexander Todorov wrote:
> in many disk encryption resources on the web the user is given an advice 
> to use /dev/random to populate the disk before he sets up the encryption 
>   process. This is said to increase entropy and recommended for brand 
> new disks.
> 
> Does anaconda have the support for that in the current block device 
> encryption implementation? I guess not but haven't looked at the code.
> IMO a GIU/TUI/kickstart flag is enough to let the user choose if they 
> want to populate the device with random data prior to encryption.
> What do you think?

Given the amount of under the covers remapping that disks do these days
and things like hidden sectors, etc, I really don't think it makes much
difference.  But if you do it, then you've got a very painful and long
process that's pretty impossible to message in the UI.

And if you're paranoid, there's always %pre

Jeremy

References:
- Use /dev/random before encrypting disks?
  - From: Alexander Todorov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]