Hi Robert, Remember to use a sensible bs= parameter on "dd" - maybe bs=8225280 instead of bs=4096 - writing one-block-at-a-time (bs=4096) would take *days* (weeks even!) to fill a modern large drive! Kind Regards, Chris Drake p.s. 8225280 is one whole track on older drives. Wednesday, March 19, 2014, 8:20:47 AM, you wrote: RN> On 03/17/2014 09:33 PM, Arno Wagner wrote: >> On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote: >>> # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open >>> /dev/sda --type plain cryptroot >> >> Make ist easier on you, the defaults are really quite enough: >> >> # cryptsetup create -d /dev/urandom /dev/sda cryptroot >> >>> # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096 >> >>> My question is are there any serious drawbacks of using this method in >>> place of the urandom one? >> >> None. RN> Glad to hear it, since I've been doing that all along. If you happen RN> to be doing this with an old cryptsetup, you want to select an IV RN> that does not repeat on a large volume. This, for example would be RN> a poor choice (from cryptsetup 1.1.3): RN> Default compiled-in device cipher parameters: RN> plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160 _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
