
#1 2014-10-27 20:16:22

maggie
Member
Registered: 2011-02-12
Posts: 255

Gather better entropy before I make a luks encrypted partition

I created an encrypted partition like this

# cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha256 --use-random luksFormat /dev/sda4

But when I did something similar with truecrypt, it asked me to move my mouse to gather entropy. I read that the kernel does this with the switch I used, but I want to be sure there isn't something better I can do for a higher quality random pool. Is what I have pasted good enough? I do not understand the difference between /dev/random and /dev/urandom. Which is better?

Last edited by maggie (2014-10-27 20:31:36)

Offline

#2 2014-10-27 20:52:14

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 12,620
Website

Re: Gather better entropy before I make a luks encrypted partition

I don't see what's confusing about the differences between random and urandom, it's very clearly explained in the random(4) man page.

       A read from the /dev/urandom device will not block waiting for more entropy.  As a result,
       if there is not sufficient entropy in the entropy pool, the returned values are
       theoretically vulnerable to a cryptographic attack on the algorithms used by the driver.
       Knowledge of how to do this is not available in the current unclassified literature, but it
       is theoretically possible that such an attack may exist.  If this is a concern in your
       application, use /dev/random instead.

Your cryptsetup command looks fine to me.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2014-10-27 21:12:21

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: Gather better entropy before I make a luks encrypted partition

Sometimes I get issues in that I am not producing enough; I will move files or do otherwise intensive activities, for instance play a game or watch a movie, streaming or local.

Offline

#4 2014-10-27 22:06:59

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,353

Re: Gather better entropy before I make a luks encrypted partition

urandom may contain pseudo random numbers. random contains true (or at least very good) random numbers. Entropy can be thought of as a measure of the disorganization of things. The kernel can collect entropy from many sources: hardware TRNGs, hard disk seek and rotational latency times, times associated with interaction with humans (mouse movement, time between keypresses), network latency, etc. A good way to collect entropy is to just do a little browsing.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#5 2014-10-28 01:02:31

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Gather better entropy before I make a luks encrypted partition

Offline

#6 2014-11-06 07:07:34

hydrosIII
Member
Registered: 2013-04-04
Posts: 127

Re: Gather better entropy before I make a luks encrypted partition

In a desktop it shouldn't be a problem. And the difference is clear, as WorMzy said; the command you used is good, and if you move your mouse and keyboard randomly it is even better, but using random can take a long time.

Offline
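Added example, not part of any post in this thread: a small shell check that reads the kernel's own entropy estimate from /proc/sys/kernel/random/entropy_avail and waits for it to reach a threshold before a command such as the luksFormat above is run. The function names, the 256-bit threshold and the one-second polling are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: gate an entropy-hungry command on the kernel's entropy estimate.
# ENTROPY_FILE can be overridden; the default is the kernel's estimate in bits.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the estimate stored in file $1; return 2 if unreadable or not a number.
entropy_bits() {
    [ -r "$1" ] || return 2
    bits=$(tr -d '[:space:]' < "$1")
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# Return 0 once file $1 reports at least $2 bits, re-checking once per second
# for up to $3 extra attempts. Return 1 on timeout, 2 if the file is unusable.
wait_for_entropy() {
    file=$1 want=$2 tries=$3
    while :; do
        have=$(entropy_bits "$file") || return 2
        [ "$have" -ge "$want" ] && return 0
        [ "$tries" -le 0 ] && return 1
        tries=$((tries - 1))
        sleep 1
    done
}

# Stand-alone run: only report the current estimate; nothing is formatted.
if bits=$(entropy_bits "$ENTROPY_FILE"); then
    echo "kernel entropy estimate: $bits bits"
else
    echo "cannot read $ENTROPY_FILE" >&2
fi

# Usage with the command from post #1 (threshold 256 and 60 s are assumed values):
#   wait_for_entropy "$ENTROPY_FILE" 256 60 && \
#     cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha256 \
#       --use-random luksFormat /dev/sda4
```

A timeout (exit status 1) means the estimate stayed below the threshold, which is the situation where a read from /dev/random would block.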
