On Mon, Jun 29, 2020 at 02:13:21 CEST, Fourhundred Thecat wrote:
> Hello,
>
> after some experiments, I came up with the following 4 questions. I think
> that the answer to all of them is yes, but I would like to confirm this
> with the experts here:
>
> 1)
> A crypto map aes-xts-plain64:sha512 with a random 512bit key is created
> over a block device. When zeroes are written to the device through the
> crypto map (encrypting), does it generate quality random data on the
> block device (comparable to /dev/urandom)?

Well, yes and no. Yes, if you just use it once. No, as it
gets written to disk and that is it.

> 2)
> The same crypto map over a block device, but the block device contains
> zeroes. When I read data, will it generate quality random data?
> (comparable to /dev/urandom or a random number generator?)

See above.

> 3)
> If yes, should it be the fastest way to generate random data on a typical
> Linux computer, compared to reading /dev/urandom? (especially when
> having AES instruction support in the CPU)

No. /dev/urandom has gotten a lot faster.

> 4)
> If the data obtained by reading from the zeroed device through that
> crypto map (aes-xts-plain64:sha512) is written back to the block device
> (using the same crypto map and key), will you get the original data? (in
> this example zeros).

That is how disk encryption works, at least when you do not
have per-sector metadata, and LUKS does not.

Regards,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
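
Added example, not part of the original message and not dm-crypt's own code: a user-space model of an aes-xts-plain64 mapping over zeroed sectors, showing that the output depends only on the key and the sector number, and that data read from a zeroed device and written back yields zeros again (question 4). It assumes the third-party Python "cryptography" package, 512-byte sectors and a constructed sample key; the function names are hypothetical.

```python
# Added illustration: models per-sector aes-xts-plain64 processing in user
# space. KEY and the sector numbers are constructed sample values.
import struct
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR_SIZE = 512
KEY = bytes(range(64))      # constructed 512-bit key (two distinct 256-bit halves)
ZEROS = bytes(SECTOR_SIZE)  # one zero-filled sector


def plain64_tweak(sector: int) -> bytes:
    """plain64 IV: the sector number as 64-bit little-endian, zero-padded to 16 bytes."""
    return struct.pack("<Q", sector) + bytes(8)


def encrypt_sector(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """What a write through the mapping stores on the backing device."""
    enc = Cipher(algorithms.AES(key), modes.XTS(plain64_tweak(sector))).encryptor()
    return enc.update(plaintext) + enc.finalize()


def decrypt_sector(key: bytes, sector: int, stored: bytes) -> bytes:
    """What a read through the mapping returns for the stored sector."""
    dec = Cipher(algorithms.AES(key), modes.XTS(plain64_tweak(sector))).decryptor()
    return dec.update(stored) + dec.finalize()


def demo() -> dict:
    # Question 1: write zeros through the mapping. Question 2: read a zeroed device.
    written = [encrypt_sector(KEY, s, ZEROS) for s in range(4)]
    read = [decrypt_sector(KEY, s, ZEROS) for s in range(4)]
    blocks = {written[0][i:i + 16] for i in range(0, SECTOR_SIZE, 16)}
    return {
        # Each sector gets different output because the tweak is the sector number.
        "sectors_differ": len(set(written)) == 4 and len(set(read)) == 4,
        # Within one sector, every 16-byte block of the output is different too.
        "blocks_in_sector_differ": len(blocks) == SECTOR_SIZE // 16,
        # Writing zeros to the same sector again reproduces the same bytes.
        "rewrite_repeats": encrypt_sector(KEY, 0, ZEROS) == written[0],
        # Question 4: what was read from zeroed sectors encrypts back to zeros.
        "roundtrip_zeros": all(encrypt_sector(KEY, s, read[s]) == ZEROS for s in range(4)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```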