On 2020-06-26 06:07, David Wright wrote:
> On Fri 19 Jun 2020 at 14:52:11 (-0700), David Christensen wrote:
>> Benchmark is one thing. But, from a security viewpoint, writing zeros
>> to an encrypted volume amounts to providing blocks of plaintext for
>> corresponding blocks of cyphertext, thereby facilitating
>> cryptanalysis.
>
> So in view of the unlikelihood of badblocks actually logging something
> more useful than SMART (where available) or normal disk write errors,
> perhaps a compromise (for my use case) is to just write /dev/urandom
> rather than /dev/zero.

Copying random data to a partition while creating an encrypted
filesystem provides a high-entropy backdrop to conceal ciphertext
blocks. This is a form of steganography. The Debian Installer manual
partitioning page has an option to do this.

As the storage is used, the initial random blocks will be overwritten by
ciphertext blocks. Depending upon filesystem, encryption, volume
management, and/or device details, the steganography degrades and may
eventually disappear.

Copying random data to storage will add fresh nearly-random blocks on
the device, improving the steganography. (The canonical example is to
copy /dev/urandom to a file until the filesystem fills up, and then
delete the file. But, this takes time and adds wear to the device.)

> On this slow machine with an oldish PATA disk,
> I can get about 75% speed from urandom, 15MB/s vs 20MB/s on a 29GiB
> partition (no encryption). There's a noticeable slowdown because,
> I presume, the machine runs a bit short of entropy after a while.

I think you are noticing a slowdown when the Linux write buffer fills.

David
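
The backdrop effect discussed in this message, as an added example that is not part of the original post: per-block byte entropy is measured over a constructed 64-block image, once with a zero backdrop and once with a urandom backdrop. The block size, the threshold, the block indices and the modelling of ciphertext as random bytes are assumptions made for the illustration.

```python
import math
import os
from collections import Counter

BLOCK = 4096          # block size assumed for this illustration
USED = [3, 17, 42]    # constructed: blocks the filesystem has written to


def entropy_bits_per_byte(block: bytes) -> float:
    """Shannon entropy of the byte histogram: 0.0 for all zeros, near 8.0 for random data."""
    n = len(block)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(block).values())


def zero_fill() -> bytes:
    """Backdrop left by copying /dev/zero to the raw device."""
    return bytes(BLOCK)


def random_fill() -> bytes:
    """Backdrop left by copying /dev/urandom to the raw device."""
    return os.urandom(BLOCK)


def build_image(total_blocks: int, used: list[int], backdrop) -> bytes:
    """Constructed raw-device image: backdrop everywhere, then the used
    blocks overwritten with stand-in ciphertext (modelled as random bytes)."""
    blocks = [backdrop() for _ in range(total_blocks)]
    for i in used:
        blocks[i] = os.urandom(BLOCK)
    return b"".join(blocks)


def flagged_blocks(image: bytes, threshold: float = 7.5) -> list[int]:
    """Indices of blocks that look like data to someone reading the raw device."""
    return [i for i in range(len(image) // BLOCK)
            if entropy_bits_per_byte(image[i * BLOCK:(i + 1) * BLOCK]) >= threshold]


if __name__ == "__main__":
    for name, fill in (("zero", zero_fill), ("urandom", random_fill)):
        hits = flagged_blocks(build_image(64, USED, fill))
        print(f"{name:8s} backdrop: {len(hits)} of 64 blocks look like data")
```

With the zero backdrop only the three written blocks stand out, so the amount and location of stored data is visible; with the urandom backdrop every block is flagged and the written ones cannot be told apart by this measure.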