Re: GELI - disk encryption for FreeBSD - review request.
From: Andrew Swallow (am.swallow_at_btopenworld.com)
Date: Fri, 29 Jul 2005 18:54:25 +0000 (UTC)
Joseph Ashwood wrote:
> "Andrew Swallow" <email@example.com> wrote in message
>>Joseph Ashwood wrote:
> [use entropy collection]
>>Entropy collection quickly runs into practical problems.
>>For a disk being written to 50 times a second
>>50 * 24 = 1200 bits of entropy per second.
>>Servers frequently do not even have a mouse to wave around.
>>There may be sufficient entropy to change the second key
>>variable every time you power up.
> That could pose a problem. I'm not entirely certain of the real
> requirements; I haven't given those much investigation. For examination I
> had simply assumed an infinite number of purely entropic bits were easily
> available. I'm sure there's some compromise between pure entropy and CTR
> mode that will be secure.
My view is that if you are designing a disk control
board/chip with built-in encryption, include the small
number of analogue components to make a random number