So since cryptsetup/LUKS uses /dev/urandom (pseudorandom data) by default, can we agree that this is just not feasible for encrypting data?
It is a good attempt at generating pseudo random data.
You can't get true randomness in a home PC.
>>55420422
Why haven't you killed yourself
>>55420445
You can get better randomness if the system just recorded from the microphone and webcam as well as network packets surely. Does watching a YouTube video actually help /dev/random?
>>55420422
>That fucking picture.
In typical /g/ fashion, OP is a faggot who has no idea what they're talking about.
If you trust block ciphers and hashes, and obviously you do because you're using them to encrypt and authenticate things, entropy isn't a thing you just magically run out of: you can stretch one good source, say 256 bits, of entropy, into enough randomness until the heat death of the universe with any good CSPRNG.
You can safely collect that entropy, debiased, from any physical process that your particular threat model is unable to measure or influence: be it zener-diode or avalanche shot noise (as found, for example, on the Raspberry Pi's chipset), chaotic inverter pairs (as used in Intel's Bull Mountain), paired oscillators, quantum polarisation noise, keystrokes, mouse movements, hard disk seeks, TSC/XTAL drift, lava lamps, whatever. You should, ideally, not trust any one source to give you adequate randomness, and it might be a good idea to run tests to make sure they aren't obviously bogus first. Some methods of combination are weak to the last source being manipulated by the attacker: some newer ones are not.
There is controversy as to whether you should continuously collect and reseed entropy; if an attacker can observe your state, you're fucked going forward, but if an attacker can observe your state, you're already fucked going forward - if you see what I mean. There are positives and negatives.
The correct random API to use under Linux now is the new getrandom(2) API, which works in the way I just described. /dev/urandom is just as good if you've properly seeded at least once. /dev/random is entirely unnecessary because in it, Theodore Ts'o pretends entropy is a thing that can be accurately estimated and you run out of it: an obsolete viewpoint. They should probably replace the hash and upgrade it a bit, but for now it's still fine.
>>55420685
thanks for the good post friendo