On 03/27/2012 05:23 AM, Gregory Maxwell wrote:
> On Mon, Mar 26, 2012 at 6:55 PM, Chris Murphy
> <lists(a)colorremedies.com> wrote:
>> So then the question is, if urandom is what's recommended, are faster substitutes
>> just as good? If they are just as good, then why aren't they the first recommendation?
>> And if this step is superfluous, then I'd suggest documentation be changed to
>> eliminate the suggestion altogether.
> Personally, I set up dmcrypt (w/o luks) first using /dev/urandom as the
> key and one of the secure block modes (e.g. aes-lrw or aes-essiv).
> Then I fill the dmcrypt device with /dev/zero. This goes fairly fast,
> filling the device with securely encrypted zeros.
> Then I drop the volume and set up luks normally.
Nice trick. Does this saturate the disk speed?
Last time I had to do this I compiled my own random generator,
using some code from a research article.
That was fast C code, when compiled for x86_64 with good gcc
options the speed (>/dev/null) was 1.75GB/s (!!!).
--
Roberto Ragusa mail at robertoragusa.it
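
The procedure described in the quoted text above (throwaway plain dm-crypt mapping keyed from /dev/urandom, filled from /dev/zero, then dropped), written out as a shell function. This is an added example, not part of the original messages; the function name, the mapping name and the `aes-cbc-essiv:sha256` cipher spec are assumptions.

```shell
#!/bin/sh
# Added example: fill a block device with encrypted zeros through a throwaway
# plain dm-crypt mapping. DESTROYS ALL DATA on the device. Needs root.
# Assumptions (not from the thread): function name, mapping name, cipher spec.

fill_encrypted_zeros() {
    dev=$1
    name=${2:-wipe_tmp}                          # hypothetical mapping name
    cipher=${WIPE_CIPHER:-aes-cbc-essiv:sha256}  # assumed spelling of "aes-essiv"

    # Refuse anything that is not a block device (typo, regular file, missing path).
    if [ ! -b "$dev" ]; then
        echo "refusing: $dev is not a block device" >&2
        return 2
    fi
    # Refuse a device that is currently mounted (exact match only; mounted
    # partitions of a whole-disk argument are not detected here).
    if grep -q "^$dev " /proc/mounts; then
        echo "refusing: $dev is mounted" >&2
        return 3
    fi

    # Plain mode, no LUKS header. The 256-bit key is read from /dev/urandom
    # and stored nowhere, so it is gone once the mapping is closed.
    cryptsetup open --type plain --cipher "$cipher" --key-size 256 \
        --key-file /dev/urandom "$dev" "$name" || return 4

    # Zeros written to the mapping reach the disk as ciphertext. dd ends with
    # "No space left on device" when the mapping is full; that is expected.
    dd if=/dev/zero of="/dev/mapper/$name" bs=1M || true
    sync

    # Drop the mapping; the device is then ready for a normal luksFormat.
    cryptsetup close "$name" || return 5
    return 0
}
```

Call it as root with the target device as the first argument; the function returns before touching anything if the argument is not an unmounted block device.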