On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote: > Hello, > > I noticed a lot of online articles recommend to overwrite your hard > disk with random data before creating an encryption volume on it. > Normally this is done by: > > # dd if=/dev/urandom of=/dev/sda bs=4096 This is slooooooooooow.... ;-) > This will of course take a while, and there is also the badblocks > alternative. However recently I've seen another approach that uses an > encrypted (non-luks) container that is later filled with blank data. > It's said that this approach is much faster than the urandom method > above. I came up with that when I had to securely wipe 50 disks a few years ago. Other people may have had a similar idea. > I haven't used this yet, so I hope I got the command line > right: > > # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open > /dev/sda --type plain cryptroot Make ist easier on you, the defaults are really quite enough: # cryptsetup create -d /dev/urandom /dev/sda cryptroot > # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096 And you can get a progress meter like this: # dd_rescue -w /dev/zero /dev/mapper/cryptroot or like this # cat /dev/zero | wcs > /dev/mapper/cryptroot (uses my sream-meter "wcs" from: http://www.tansi.org/tools/index.html) > My question is are there any serious drawbacks of using this method in > place of the urandom one? None. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
