3

I'm currently trying to teach myself some non-Windowsland operating systems, and I figured Ubuntu Server 16.04 would be the best place to start. Having "mastered" LVM, I'm trying to familiarize myself with cryptsetup and LUKS.

I'm beginning to get it, but the one thing I'm perplexed by is...

...to what end are the random numbers generated by the --use-urandom or --use-random options used?

In the context of a cryptsetup command, for example:

$ sudo cryptsetup luksFormat --cipher=aes-xts-plain64 --key-size=512 --hash=sha256 --use-random /dev/sdb1 --key-file=/crypto/keyfile

I have done some reading here that using /dev/random (which is what I assume --use-random pulls its random number entropy from) can sometimes take a long time as the system generates more entropy, and so in certain instances it's recommended to use --use-urandom (which correspondingly pulls from /dev/urandom, which as I understand it is wholly pseudorandom) since the system won't get stuck waiting for the entropy pool to "refill."

I don't FULLY understand cryptography, but I'm guessing that this option is used just the once, setting the initial state of the whole encryption scheme, and then we're good. If that's the case, I have no problem waiting for a good and chaotic bed of encryption to protect my data - but if I have to deal with that with every read and write to the disk... that could get old fast.

Am I right? Is this just a one-time thing? Or, by setting --use-random in my command there, am I dooming myself to long LUKS opens and closes, reads and writes, etc?

tromlet
  • /dev/urandom isn't wholly pseudorandom. See https://unix.stackexchange.com/questions/324209/when-to-use-dev-random-vs-dev-urandom, https://www.2uo.de/myths-about-urandom/ – muru Jun 22 '17 at 05:48

2 Answers

2

using /dev/random (…) can sometimes take a long time as the system generates more entropy

Correct.

in certain instances it's recommended to use --use-urandom (which correspondingly pulls from /dev/urandom

In virtually all circumstances, it's recommended not to use /dev/random. See Is a rand from /dev/urandom secure for a login key? or Myths about urandom.

/dev/urandom, which as I understand it is wholly pseudorandom

No, urandom is not pseudorandom. “Pseudorandom” means “deterministic”. urandom is not deterministic; it uses a (cryptographic-quality) deterministic random generator that is seeded by entropy, and thus produces an effectively endless stream of random bytes from a small amount of non-deterministic data.

The options --use-random and --use-urandom only affect what happens when generating the key, not what happens when using the volume. So --use-random won't make using the volume any slower, it only makes the creation slower. Nonetheless, --use-urandom is generally fine, whereas --use-random is fine for interactive use but not recommended in scripts because it could block forever if there's nothing on the system to increase the entropy count. The only case in which /dev/urandom must not be used is on a freshly-installed, freshly-booted system that hasn't had time to gather entropy yet — unfortunately urandom will return predictable data in this case. As soon as the system has been used for a few minutes (and even across reboots once you've installed the system), /dev/urandom is safe.

  • This is a wonderful, highly informative answer, and I am more knowledgeable as a result of it. Hit all the big points. Thank you. – tromlet Jun 23 '17 at 03:59
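
Added example (not part of the answer above, and not cryptsetup's own code): a pre-flight check a provisioning script could run before `luksFormat`, following the advice above to use `--use-urandom` in scripts, but only once the kernel pool has been seeded. It assumes Linux with Python 3.6+ for `os.getrandom`; the helper names and the use of `--batch-mode` are choices made for this example.

```python
import os
import time


def crng_ready(probe=None):
    """Return True once the kernel random pool has been seeded.

    getrandom(2) with GRND_NONBLOCK fails with EAGAIN (BlockingIOError in
    Python) only while the pool is still uninitialised, which is the
    freshly-booted case where /dev/urandom output may be predictable.
    """
    probe = probe or (lambda: os.getrandom(1, os.GRND_NONBLOCK))
    try:
        probe()
        return True
    except BlockingIOError:
        return False


def wait_for_crng(timeout=60.0, interval=0.5, probe=None,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll until the pool is seeded; give up after `timeout` seconds
    so an unattended script cannot hang forever."""
    deadline = clock() + timeout
    while not crng_ready(probe):
        if clock() >= deadline:
            return False
        sleep(interval)
    return True


def luksformat_argv(device, key_file, ready):
    """Build the one-time luksFormat command; the RNG option only
    matters here, when the volume's master key is generated."""
    if not ready:
        raise RuntimeError("kernel RNG not seeded; refusing to create a LUKS key")
    return ["cryptsetup", "luksFormat", "--batch-mode",  # no YES prompt in scripts
            "--cipher=aes-xts-plain64", "--key-size=512", "--hash=sha256",
            "--use-urandom", device, "--key-file=" + key_file]


if __name__ == "__main__":
    # Device and key file are the ones from the question; the command is
    # only printed here, not executed.
    ok = wait_for_crng(timeout=30)
    print(" ".join(luksformat_argv("/dev/sdb1", "/crypto/keyfile", ok)))
```
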
1

Basically, this is used to create the key for your encryption. It is a one-off, so you are right on that one.

As for random vs urandom, it is usually better to use urandom.

See When to use /dev/random vs /dev/urandom for the gory details.

thecarpy