[dm-crypt] Filling a disk with random data - question

Arno Wagner arno at wagner.name
Thu Apr 10 17:15:16 CEST 2014


Just added this to the Wiki-Version of the FAQ as Item 2.19, if 
anybody wants to have a look and comment.

Arno


On Tue, Mar 18, 2014 at 03:33:51 CET, Arno Wagner wrote:
> On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote:
> > Hello,
> > 
> > I noticed a lot of online articles recommend overwriting your hard
> > disk with random data before creating an encryption volume on it.
> > Normally this is done by:
> > 
> > # dd if=/dev/urandom of=/dev/sda bs=4096
> 
> This is slooooooooooow.... ;-)
>  
> > This will of course take a while, and there is also the badblocks
> > alternative. However recently I've seen another approach that uses an
> > encrypted (non-luks) container that is later filled with blank data.
> > It's said that this approach is much faster than the urandom method
> > above. 
> 
> I came up with that when I had to securely wipe 50 disks 
> a few years ago. Other people may have had a similar idea.
> 
> > I haven't used this yet, so I hope I got the command line
> > right:
> > 
> > # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open
> > /dev/sda --type plain cryptroot
> 
> Make it easier on you, the defaults are really quite enough: 
> 
> # cryptsetup create -d /dev/urandom cryptroot /dev/sda
> 
> > # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096
> 
> And you can get a progress meter like this:
> 
> # dd_rescue -w /dev/zero /dev/mapper/cryptroot
> 
> or like this
> 
> # cat /dev/zero | wcs > /dev/mapper/cryptroot
> 
> (uses my stream-meter "wcs" from:  http://www.tansi.org/tools/index.html)
>  
> > My question is are there any serious drawbacks of using this method in
> > place of the urandom one?
> 
> None. 
> 
> Arno
> -- 
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -  Plato

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato
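
The procedure discussed in this thread, written out as one script. This is an added example, not code from the thread or from the cryptsetup project; the mapping name and the function names are hypothetical, and the cipher options are the ones from the original question.

```shell
#!/bin/sh
# Added example: fill a disk with random-looking data by writing zeros
# through a throwaway plain dm-crypt mapping. Must run as root.
MAP_NAME=${MAP_NAME:-to_be_wiped}   # hypothetical mapping name

# True if DEV, or a partition whose name starts with DEV, is listed as a
# mount source. Reads /proc/mounts unless a table is passed as $2.
# Swap, LVM and RAID membership are not detected by this check.
is_mounted() {
    while read -r src rest; do
        case $src in "$1"*) return 0 ;; esac
    done < "${2:-/proc/mounts}"
    return 1
}

# Refuse anything that is not an unmounted block device.
check_target() {
    [ -b "$1" ] || { echo "not a block device: $1" >&2; return 1; }
    ! is_mounted "$1" || { echo "in use: $1" >&2; return 2; }
}

wipe_via_dmcrypt() {
    dev=$1
    check_target "$dev" || return
    # The key is read from /dev/urandom and stored nowhere, so the
    # encrypted zeros on disk look like random data once it is gone.
    cryptsetup open --type plain -c aes-xts-plain64 -s 512 \
        -d /dev/urandom "$dev" "$MAP_NAME" || return
    # dd ends with "No space left on device" when the mapping is full;
    # that is the normal end of the fill, so its status is ignored.
    dd if=/dev/zero of="/dev/mapper/$MAP_NAME" bs=1M || true
    sync
    # Closing the mapping discards the key.
    cryptsetup close "$MAP_NAME"
}

# Only acts when called as: script --wipe /dev/sdX
if [ "${1:-}" = "--wipe" ]; then wipe_via_dmcrypt "$2"; fi
```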