[partman-crypto] Trying to understand crypto_do_wipe ( )
Dear all, I was looking at the code that writes random data to disk as part of setting up an encrypted partition. The main reason I was interested is that it seems to be quite a lot faster than something like "dd if=/dev/urandom of=/dev/sdx", and so I wanted to know how it works. However, as far as I understand the code now, it seems to be writing zeroes rather than random data (!). I'm a very inexperienced user and programmer, so please forgive if I should be completely off base here. Can I ask your help checking on my understanding? Reading the current svn trunk of partman-crypto, I'm looking at lib/crypto-base.sh, starting in crypto_wipe_device ( ). This seems to ask for some confirmations that you really want to wipe the disk, then calls crypto_do_wipe ( ). Now the relevant line there I think is /bin/blockdev-wipe -s 65536 $dev > $fifo & the code for which is in blockdev-wipe/blockdev-wipe.c. In main ( ), I think this tries to read the option "-f" which would specify a source to read from (and note that this is absent from the call quoted above). In it's absence, do_wipe ( ) is then called with source=0. I think with source=0, the char-array buf[] will only be written to once (memset zeroes), and is then used to write to disk from. Is that right? Thanks for your time, Best wishes, Yung-Chin Oei -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [partman-crypto] Trying to understand crypto_do_wipe ( )
On Mon, Sep 8, 2008 at 1:03 AM, David Härdeman <[EMAIL PROTECTED]> wrote: > > crypto_wipe_device() will first setup a crypt-device using a random > passphrase, then write data to the crypted device. After that is done, the > crypt-device is unmounted and the key is effectively lost and > forgotten...the result should be indistinguishable from "truely" random data > for all practical purposes. Many thanks for the fast reply. I completely misread what those lines did and am most grateful for your clear explanation. I would never have come up with this elegant way of wiping the disk. It makes a lot more sense to me than the various accounts I found of using the badblocks utility for that. If I may ask one more question, slightly tangential, just to check if I get it now: when I'm setting up a new crypt-device manually, it should be ok to wipe the disk *after* setting up the crypt_device with the actual passphrase we will be using with it later, is that right? Or would there still be any benefit in doing it beforehand with a temporary crypt-device with a different (perhaps random) passphrase? (If I understand well, the former should be fine assuming that there are no weaknesses in the encryption scheme). Thanks again, Yung-Chin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
