[dm-crypt] Filling a disk with random data - question

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Mar 18 23:20:47 CET 2014


On 03/17/2014 09:33 PM, Arno Wagner wrote:
> On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote:
>> # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open
>> /dev/sda --type plain cryptroot
>
> Make ist easier on you, the defaults are really quite enough:
>
> # cryptsetup create -d /dev/urandom /dev/sda cryptroot
>
>> # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096
>
>> My question is are there any serious drawbacks of using this method in
>> place of the urandom one?
>
> None.

Glad to hear it, since I've been doing that all along.  If you happen
to be doing this with an old cryptsetup, you want to select an IV
that does not repeat on a large volume.  This, for example would be
a poor choice (from cryptsetup 1.1.3):

   Default compiled-in device cipher parameters:
       plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.



More information about the dm-crypt mailing list