[dm-crypt] Random fill

Rick Moritz rahvin at gmail.com
Sun Aug 30 16:07:22 CEST 2009

On Sun, 30 Aug 2009 14:07:27 +0200 Heinz Diehl <htd at fancy-poultry.org> wrote:

> At Sat, 29 Aug 2009 15:58:58 -0400,
> Stroker wrote:
> > My question is, wouldn't the following command fill my 
> > drives with randommess?  Much more quickly than urandom?
> > dd if=/dev/zero of=/dev/mapper/encrypted_sdb1
> Yes, with pseudorandomness just like urandom, as far as I know.
> > Perhaps change the key afterward, or even delete/rebuild 
> > the dm-crypt block?
> You can overwrite the LUKS header multiple times and set up a new one.
> Btw: why do you want to overwrite the entire partition? In my eyes, this is
> some kind of rocket science and makes no sense, considering Kerckhoff's law.

I somewhat disagree:

It is useful to create random data on the partition in order to hide which sectors contain encrypted data and which don't - this makes attacks much harder.
Also, if you use a known algorithm with only a tiny random seed (the key) to fill the disk, this may be reasonable attacked (after all, you've got gigabytes of known plaintext: /dev/zero..) and therefore the "background noise effect" introduced by randomly filling the disk is quickly negated. urandom should routinely recheck the kernels entropy pool for new seeds for its pseudorandomness - therefore providing MUCH better randomness than just using encryption.

80 hours is completely acceptable for filling up a disk - I recall waiting almost 14 days for my partition to be "initialized".
Once it's been done, you don't need to bother with it anymore for the lifetime of the disk. (If you keep using it with full disk encryption.)

More information about the dm-crypt mailing list