Re: Wiping free space on encrypted filesystem.

"Ryan M. McConahy" wrote:
> Right now, I'm creating a large encrypted filesystem (2gig, maybe I'll
> downsize to 1). I am doing "dd if=/dev/urandom". When this is done, I'll
> probably use 3DES-ede. Would it help/hurt to, on the mounted fs, do a "dd
> if=/dev/urandom of=/cryptdisk/freespacewipefile"?

/dev/urandom is painfully slow. A much faster alternative is to set up a loop
with a random (and unknown) key, and then write zeroes to the loop device.
This example is from loop-AES' README file:

    dd if=/dev/urandom bs=15 count=1 2>/dev/null | uuencode -m - \
        | head -2 | tail -1 | losetup -p 0 -e AES128 /dev/loop2 /dev/hda666
    dd if=/dev/zero of=/dev/loop2 bs=4k conv=notrunc 2>/dev/null
    losetup -d /dev/loop2

And then set up and initialize the loop with your _real_ key.

> BTW: Does anyone know if 2.2 crypto can work under 2.4?

Yes, if you use loop-AES.
No, if you use cryptoapi.

Use of 3DES-ede implies that you actually may enjoy slow crypto. If that is
the case, just stick to cryptoapi as it comes standard with bloat and slow
design. If you want speed and compatibility with all maintained stable
kernels (2.4.x 2.2.x 2.0.x), including distro vendor enhanced kernels,
loop-AES is a better choice.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
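
The same throwaway-key fill done in user space, as an added example that is not part of the original post or of loop-AES. It assumes OpenSSL's `openssl enc` with AES-128-CTR in place of the loop device, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt a stream of zeroes under a key that is never stored,
# then check that no 4 KiB block of the target was left as plain zeroes.

# fill_with_ciphertext TARGET BLOCKS
# Overwrite the first BLOCKS 4 KiB blocks of TARGET (a file or block device).
fill_with_ciphertext() {
    target=$1
    blocks=$2
    # 128-bit key and IV from the kernel RNG, hex-encoded for openssl.
    # Only 32 bytes are read from /dev/urandom, whatever the size of TARGET.
    key=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    iv=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    # With -K/-iv, CTR mode adds no header or padding: output size = input size.
    dd if=/dev/zero bs=4096 count="$blocks" 2>/dev/null \
        | openssl enc -aes-128-ctr -K "$key" -iv "$iv" \
        | dd of="$target" bs=4096 conv=notrunc 2>/dev/null
    status=$?
    unset key iv    # discard the key, like `losetup -d` in the README example
    return "$status"
}

# count_zero_blocks TARGET BLOCKS
# Print how many of the first BLOCKS 4 KiB blocks contain only zero bytes.
count_zero_blocks() {
    target=$1
    blocks=$2
    i=0
    zero=0
    while [ "$i" -lt "$blocks" ]; do
        nonzero=$(dd if="$target" bs=4096 skip="$i" count=1 2>/dev/null \
            | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$nonzero" -eq 0 ]; then
            zero=$((zero + 1))
        fi
        i=$((i + 1))
    done
    echo "$zero"
}
```

The key is passed on the `openssl` command line, so it is visible in the process list while the fill runs; that matters only if someone records it in order to later tell wiped space from real ciphertext.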