Installer Randomness (Entropy) Question(able)
16 views
Skip to first unread message
unc...@sigaint.org
Jun 5, 2016, 5:39:55 AM6/5/16
to qubes...@googlegroups.com
From where does the Qubes installer get its entropy to create the
long-term keymat for LUKS volumes? I assume standard Linux /dev/random is
running, starting with no cached entropy other than a hardcoded fair dice
roll and thus, no reliable randomness.
A more general question, which probably belongs in a FAQ for a
security-oriented OS, is how does the standard Qubes configuration secure
randomness and cache it across boots? (And is there a way to pick up
cached entropy when the dom0 kernel loads, before opening encrypted
volumes or starting userland? I know how to do this on other OS, but not
Linux under Xen in Qubes-specific configuration.)
I am personally of the unstudied opinion that 90% of successful
"cryptanalysis" is due to system compromise, 9% is due to bad randomness,
and 1% is exploiting actual weakness in ciphers. It is for this reason I
usually never let an OS installer create encrypted disks for me. The
Qubes VM isolation should help somewhat with the 90%; but what about the
9%?
"Uncubed"
long-term keymat for LUKS volumes? I assume standard Linux /dev/random is
running, starting with no cached entropy other than a hardcoded fair dice
roll and thus, no reliable randomness.
A more general question, which probably belongs in a FAQ for a
security-oriented OS, is how does the standard Qubes configuration secure
randomness and cache it across boots? (And is there a way to pick up
cached entropy when the dom0 kernel loads, before opening encrypted
volumes or starting userland? I know how to do this on other OS, but not
Linux under Xen in Qubes-specific configuration.)
I am personally of the unstudied opinion that 90% of successful
"cryptanalysis" is due to system compromise, 9% is due to bad randomness,
and 1% is exploiting actual weakness in ciphers. It is for this reason I
usually never let an OS installer create encrypted disks for me. The
Qubes VM isolation should help somewhat with the 90%; but what about the
9%?
"Uncubed"
Reply all
Reply to author
Forward
0 new messages