On 1/27/19 2:44 PM, Patrick O'Callaghan wrote:
If it's not being read and rewritten, it's not being encrypted. It's as simple as that. A cryptosystem that doesn't read the plaintext? How does that work?
The suggestion you're replying to didn't encrypt the drive in place. It read a stream of zeros from /dev/zero, encrypted that stream, and wrote that stream to the disk. Thus, nothing needed to be read from any disk.
However, this whole thread is questionable. It is predicated on the assumption that your CPU can encrypt a stream of zeros faster than it can generate random data, and also that it can write to its disk faster than it can generate random data. If either of those things is not true, then using an encrypted volume to "wipe" a drive will be slower and more complex, for no benefit.
On my Dell XPS 13, I can read from /dev/urandom at almost exactly the same speed that I can write to a dm-crypt block device, so there would be no reason to use dm-crypt over simply dd if=/dev/urandom to the drive.
(But the point that I was making when I replied to this thread to begin with is that if you are concerned with wiping your data from drives, it should never have been written to the drive in an unencrypted form to begin with. Encrypt your disks. When you want to get rid of them, they're already as secure as your passphrase, and you can irrecoverably wipe them by simply wiping the key header. It's nearly instantaneous.)
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
