On Wed, Nov 21, 2007 at 05:47:39AM +0100, Arno Wagner wrote: > On Tue, Nov 20, 2007 at 03:26:00PM -0200, Andreas wrote: > > Hello, > > > > I'm creating image files using dd and associating them with a loop > > device with losetup (no crypto so far). Then I use cryptsetup on the > > loop device. > > > > Since the image files are rather large (+/- 35Gb), using plain dd takes > > a long time (dd if=/dev/zero of=/image.img ...) and renders the machine > > quite useless during that time. > > I would suggest using dd_rescue, which is a lot more efficient and > typically reaches the disks maximum data rate. It also gives > you a nice progress indicator. Thanks, I didn't know about that one. > > I then tried creating a sparse file instead and it was much faster and > > seems to be working well. Are there any bad security implications in > > using a sparse file instead of a "full" file, considering I was filling > > it with zeroes to begin with? > > The only problem I see is that an attacker would know which sectors > have been written, and which have not. I would think this is > not an issue in most situations. Since I was just filling the file with zeroes instead of random data, I guess the attacker would already know that. > There is also an issue with sparse files: They grow. If you > have insufficient space, writes may file at some time due > to lack of disk space. Well, they grow up to the full size as reported by ls. I'm not "overcommitting" here, i.e., if I create a 35Gb sparse file, I first make sure a regular 35Gb file would fit in. Thanks for the comments --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
