On 03/27/2012 05:23 AM, Gregory Maxwell wrote: > On Mon, Mar 26, 2012 at 6:55 PM, Chris Murphy <li...@colorremedies.com> wrote: >> So then the question is, if urandom is what's recommended, are faster >> substitutes just as good? If they are just as good, then why aren't they the >> first recommendation? And if this step is superfluous, then I'd suggest >> documentation be changed to eliminate the suggestion altogether. > > Personally, I setup dmcrypt (w/o luks) first using /dev/urandom as the > key and one of the secure block modes (e.g. aes-lrw or aes-essiv). > Then I fill the dmcrypt device with /dev/zero. This goes fairly fast, > filling the device with securely encrypted zeros. > > Then I drop the volume and set up luks normally.
Nice trick. Does this saturate the disk speed? Last time I had to do this I compiled my own random generator, using some code from a research article. That was fast C code, when compiled for x86_64 with good gcc options the speed (>/dev/null) was 1.75GB/s (!!!). -- Roberto Ragusa mail at robertoragusa.it -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
