[dm-crypt] Filling a disk with random data - question

Cpp tzornik at gmail.com
Mon Mar 17 19:55:05 CET 2014


Hello,

I noticed a lot of online articles recommend to overwrite your hard
disk with random data before creating an encryption volume on it.
Normally this is done by:

# dd if=/dev/urandom of=/dev/sda bs=4096

This will of course take a while, and there is also the badblocks
alternative. However recently I've seen another approach that uses an
encrypted (non-luks) container that is later filled with blank data.
It's said that this approach is much faster than the urandom method
above. I haven't used this yet, so I hope I got the command line
right:

# cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open
/dev/sda --type plain cryptroot
# dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096

My question is are there any serious drawbacks of using this method in
place of the urandom one?


Best regards!


More information about the dm-crypt mailing list