Difference between revisions of "Talk:Random number generation"

From ArchWiki
Jump to: navigation, search
(import old conversation - on the bashing of /dev/urandom from Talk:Dm-crypt_with_LUKS)
 
(random vs urandom in this page: re)
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== on the bashing of /dev/urandom ==
+
== random vs urandom in this page ==
{{Note|This section was moved from [[Talk:Dm-crypt_with_LUKS]].}}
+
  
I don't take an opinion on whether old overwritten data can be read.
+
Looking at the discussion under [[Talk:Dm-crypt/Device encryption#Encryption options for LUKS mode example]], and notably [http://www.2uo.de/myths-about-urandom/ Myths about /dev/urandom], I believe the warning in this page (about not using urandom for long-term cryptographic keys) should be lessened and expanded: when random is absolutely necessary, and why urandom is enough for the most use-cases, even for master keys.
 +
I think it should go beyond the three unexplained links Indigo added at the end of the sentence, but I'd like to wait for wiki maintainers' opinion, as the nuances in this page could be critical for users. <span style="color:red">— [[User:Dinghy|Dinghy]] ([[User_talk:Dinghy|Talk]])</span> 01:24, 11 December 2015 (UTC)
  
However, there is an unrelated reason to fill a LUKS partition from {{ic|/dev/urandom}} before LUKS-initializing it (and after checking for bad blocks if you wanted to do that).
+
:I'd be in favor of at least adding external references to the Warning, can you post a draft of how you'd reword it? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 06:27, 12 December 2015 (UTC)
 
+
It makes it harder for people trying to read your disk and find out what's on it.  If you filled it with zeroes, for example, then they would be able to tell which portions of the partition had been written to since you initialized it.
+
 
+
compare gentoo docs, http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Filling_the_disk_with_random_data --[[User:Idupree|Idupree]] 22:45, 3 March 2010 (EST)
+
 
+
:Agreed, {{ic|/dev/urandom}} should be used to clear partitions, at least as default in the examples. If anyone wants to zero the partitions instead of using random data, they are free to do so. --[[User:Montschok|Montschok]] 20:53, 11 August 2010 (EDT)
+

Latest revision as of 06:28, 12 December 2015

random vs urandom in this page

Looking at the discussion under Talk:Dm-crypt/Device encryption#Encryption options for LUKS mode example, and notably Myths about /dev/urandom, I believe the warning in this page (about not using urandom for long-term cryptographic keys) should be lessened and expanded: when random is absolutely necessary, and why urandom is enough for the most use-cases, even for master keys. I think it should go beyond the three unexplained links Indigo added at the end of the sentence, but I'd like to wait for wiki maintainers' opinion, as the nuances in this page could be critical for users. Dinghy (Talk) 01:24, 11 December 2015 (UTC)

I'd be in favor of at least adding external references to the Warning, can you post a draft of how you'd reword it? — Kynikos (talk) 06:27, 12 December 2015 (UTC)