[pkg-cryptsetup-devel] Bug#728197: Bug#728197: Low entropy for encrypted swap partition

Guilhem Moulin guilhem at guilhem.org
Fri Sep 16 18:41:29 UTC 2016


On Tue, 29 Oct 2013 at 13:09:08 +0100, Milan Kral wrote
> The problem is that in /etc/rcS.d  the scripts S07cryptdisks-early,
> S09cryptdisks are run before S13urandom. We are trying to read from
> /dev/urandom before the Linux random number generator is properly
> seeded. This can lead to predictable encryption key for the swap
> partition.

That's problematic, indeed.  For the record, the situation doesn't seem
to be better with systemd:

    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    Sep 16 18:35:40 debian kernel: random: udevadm: uninitialized urandom read (16 bytes read, 1 bits of entropy available)
    […]
    Sep 16 18:35:40 debian systemd[1]: Found device /dev/vda1.
    Sep 16 18:35:40 debian systemd[1]: Starting Cryptography Setup for swap...
    Sep 16 18:35:41 debian kernel: device-mapper: uevent: version 1.0.3
    Sep 16 18:35:41 debian systemd-cryptsetup[518]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/vda1.
    Sep 16 18:35:41 debian mkswap[576]: Setting up swapspace version 1, size = 64 MiB (67072000 bytes)
    Sep 16 18:35:41 debian mkswap[576]: no label, UUID=eca1d0f8-e1da-4ed6-867c-86c4bfca92f5
    Sep 16 18:35:41 debian systemd[1]: Started Cryptography Setup for swap.
    Sep 16 18:35:41 debian systemd[1]: Reached target Encrypted Volumes.
    Sep 16 18:35:41 debian systemd[1]: Found device /dev/mapper/swap.
    Sep 16 18:35:41 debian systemd[1]: Activating swap /dev/mapper/swap...
    Sep 16 18:35:41 debian systemd[1]: Activated swap /dev/mapper/swap.
    Sep 16 18:35:41 debian systemd[1]: Reached target Swap.
    Sep 16 18:35:41 debian kernel: Adding 65500k swap on /dev/mapper/swap.  Priority:-1 extents:1 across:65500k FS
    […]
    Sep 16 18:35:44 debian login[662]: ROOT LOGIN  on '/dev/tty1'
    Sep 16 18:35:48 debian kernel: random: nonblocking pool is initialized

(Note the “random: nonblocking pool is initialized” at the very end,
long after initializing swap, even after login.)

-- 
Guilhem.
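The log above records exactly the failure mode the report describes: a plain read(2) from /dev/urandom returns immediately whether or not the kernel pool has been initialized, so a swap key derived that early is only as unpredictable as the "1 bits of entropy available" the kernel had at the time. The following is an added example, not code from this thread or from cryptsetup/systemd, showing how a key-setup program can avoid that: getrandom(2) (Linux 3.17 and later, declared in <sys/random.h> on glibc 2.25+ and musl 1.1.20+) with flags 0 blocks until the pool is initialized, and with GRND_NONBLOCK fails with EAGAIN instead, which doubles as a cheap "is the RNG seeded yet?" probe. The function names, the 32-byte key length (matching the 256-bit aes-xts-plain64 key in the log) and the unchecked /dev/urandom comparison routine are my own assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

/* 256-bit key, the same size the log shows for aes-xts-plain64 (assumed). */
#define SWAP_KEY_LEN 32

/* Probe the kernel RNG without blocking.
 * Returns 1 if the pool is initialized, 0 if it is not yet seeded
 * (getrandom fails with EAGAIN under GRND_NONBLOCK), -1 on any other error. */
int rng_seeded(void)
{
    unsigned char probe[1];
    ssize_t n = getrandom(probe, sizeof probe, GRND_NONBLOCK);
    if (n == 1)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;
    return -1;
}

/* Fill key with len bytes, blocking until the pool is initialized (flags 0).
 * Handles short reads and EINTR. Returns 0 on success, -1 on failure. */
int fill_key_blocking(unsigned char *key, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(key + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
}

/* The weak variant, for comparison only: a plain read of /dev/urandom
 * returns at once even when the pool is uninitialized, which is what the
 * "uninitialized urandom read" warnings in the log record. Not called by
 * the test below. Returns 0 on success, -1 on failure. */
int fill_key_unchecked(unsigned char *key, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(key, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Derive two swap keys the safe way and check they are distinct.
 * Returns 1 on success (two differing keys), 0 otherwise. */
int swap_key_demo(void)
{
    unsigned char k1[SWAP_KEY_LEN], k2[SWAP_KEY_LEN];
    if (fill_key_blocking(k1, sizeof k1) != 0)
        return 0;
    if (fill_key_blocking(k2, sizeof k2) != 0)
        return 0;
    return memcmp(k1, k2, sizeof k1) != 0;
}

int main(void)
{
    int s = rng_seeded();
    printf("kernel RNG seeded: %s\n",
           s == 1 ? "yes" : s == 0 ? "not yet" : "unknown");

    unsigned char key[SWAP_KEY_LEN];
    if (fill_key_blocking(key, sizeof key) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("swap key: ");
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    printf("\n");
    return 0;
}
```

Run at the point in boot where the log shows swap being set up, rng_seeded() would have returned 0 and fill_key_blocking() would have waited until the "nonblocking pool is initialized" message rather than handing out a key seeded from one bit of entropy. The trade-off is that an early boot unit calling it may stall on a machine with few entropy sources, which is a scheduling problem to solve by ordering, not by falling back to an unchecked read.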