Using /dev/random at all for such key generation seems totally inappropriate. Don't bother the user he doesn't care or at least he shouldn't. It breaks every other programm, which really needs highest quality entropy. To understand how severe this issue is, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489523
What disturbed me most: This makes enabling a crypto-partition with a key from /dev/random hang. I had this problem when enabling swap. The proper fix was to use /dev/urandom for swap, since /dev/random offers no security advantage. In this particular case. Is anyone who already knows the code willing to fix this? - Just changing /dev/random into /dev/urandom should be rather easy for anyone. -- pidgin-otr should interrupt key creation attempt when /dev/random delivers not enough data https://bugs.launchpad.net/bugs/240640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
