search

AvANa-BBS / freepto-lb

Encrypted GNU/Linux OS (based on Debian Wheezy) which can be installed on USB flash drive. Freepto is designed for encrypt your communications, carry your documents in secure way and save your anonymity.
http://www.freepto.mx/
43 stars 14 forks source link

Quick entropy generation #133

Closed boyska closed 10 years ago

boyska commented 10 years ago

Waiting for random data to generate is a usability failure. I suspect it could also be a security problem, but I'm not sure.

Installing haveged would probably fix it without much effort.

How to reproduce

Virtualization: ok Needed: a jabber account and someone to talk with Steps:

  1. configure pidgin
  2. start chatting with a buddy that has OTR
  3. wait for the session to begin. The key generation dialog will take more than 10 seconds
boyska commented 10 years ago

How to test

Virtualization: ok Image: http://dev.freepto.mx/dev/entropy_133/2014-07-30_13.43_v1.0alpha1-27-g94e810f-it_IT.UTF-8/ Steps:

  1. configure pidgin
  2. start chatting with a buddy that has OTR
  3. wait for the session to begin. The key generation dialog should take less than 5 seconds (or not appear at all).
boyska commented 10 years ago

I tested it, and it seems to work for both pidgin/otr and thunderbird/enigmail. As always, a tester different from the developer is appreciated, so don't be shy!