man: Weaken warning about /dev/urandom as recent kernels behave much better.

Milan Broz
2025-07-23 11:43:24 +02:00
parent a9e245f68c
commit 5af06cb6cc
2 changed files with 7 additions and 13 deletions

@@ -1162,12 +1162,8 @@ endif::[]
ifndef::ACTION_REENCRYPT[]
For _luksFormat_, these options define which kernel random number generator will be used to create the volume key (which is a long-term key).
+
See *NOTES ON RANDOM NUMBER GENERATORS* in *cryptsetup*(8) for more information.
Use _cryptsetup --help_ to show the compiled-in default random number generator.
+
*WARNING:* In a low-entropy situation (e.g., in an embedded system) and older kernels, both selections are problematic.
Using /dev/urandom can lead to weak keys.
Using /dev/random can block a long time, potentially forever, if not enough entropy can be harvested by the kernel.
Do not use these options with recent kernels (later than version 5.6).
For more details, see *NOTES ON RANDOM NUMBER GENERATORS* in *cryptsetup*(8) and *urandom*(4).
endif::[]
endif::[]
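
Review bot: The sentence "Do not use these options with recent kernels (later than version 5.6)." gives a prohibition with no reason and an ambiguous boundary: "later than version 5.6" reads as excluding 5.6 itself, so please state whether 5.6 is included (for example "5.6 and later") and say in one clause why the options are unnecessary there. The WARNING line "In a low-entropy situation (e.g., in an embedded system) and older kernels, both selections are problematic." also leaves it unclear whether both conditions must hold or either one is enough; rewording it to "on older kernels" with an explicit "and" or "or" would remove the doubt. Finally, the hunk shows the pointer to *NOTES ON RANDOM NUMBER GENERATORS* in *cryptsetup*(8) twice; make sure only one of those references survives in the rendered page and that the *urandom*(4) reference is kept only if the text still relies on it.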