On Saturday 03 May 2008, Max Vozeler wrote:
> When you select "Random key" for loop-AES, the actual keys
> are generated from /dev/urandom by mount or swapon. We don't
> use cdebconf-entropy for such setups.

Does that mean that I should not have been shown *either* of the two dialogs (passphrase and random typing) with the "incorrect" method? Should cdebconf-entropy be used only with dm-crypt?

If that is the case then the current logic is _really_ broken... It would be nice to have this fixed before Beta2, but not at the risk of breaking other things.

> > "Incorrect" method: [...]
> > After this I am first asked to enter an encryption passphrase, even
> > though there is no partition that uses one. This is a bug.
>
> Indeed, this is arguably non-intuitive.
>
> Your earlier choice of random keytype was reset to the default
> for loop-AES, gnupg keyfile, when you changed the encryption
> method.
>
> FWIW, the partman dialog should reflect the reset keytype after
> switching the encryption type.

IIRC it did not. My test should be trivial to reproduce though.

> > After that I *am* asked to enter random characters, with the progress
> > bar at only 2%. Getting sufficient entropy literally takes ages:
> > getting from 5 to 10% takes 20 seconds. I don't remember it taking that
> > long with previous tests I've done.
>
> Were the earlier tests done in the same environment?

Yes. Exactly the same (I'd done a snapshot in VirtualBox just before partitioning and based both cases on that).

> Lots of factors contribute to how well (or how badly) the entropy
> pool is being fed by device drivers. IIRC some disk drivers do,
> some don't, some network drivers do, others don't etc.
>
> Apart from that I don't recall any changes that should have made
> key generation more painful than it already was. :-/

Well, IIUC I should not have seen the dialog at all, so it's somewhat academic. I'll test again with dm-crypt and random keys some time.

> > The interface does allow
> > it, but I seem to remember that supporting random keys was the reason
> > why we still needed support for loop-aes.
>
> No. loop-AES is not a "legacy" for lack of features in dm-crypt.

It might be a good idea to document those in the README file in partman-crypto (which needs updating anyway as the comments at the top of that file are completely outdated).