too bad it's not an old spnner... just leave it on your speaker magnet overnight. reformat in the morning.
:P Fred On Sun, Jan 27, 2019 at 3:24 PM Patrick O'Callaghan <pocallag...@gmail.com> wrote: > On Sun, 2019-01-27 at 15:06 -0800, Gordon Messmer wrote: > > On 1/27/19 2:44 PM, Patrick O'Callaghan wrote: > > > If it's not being read and rewritten, it's not being encrypted. It's as > > > simple as that. A cryptosystem that doesn't read the plaintext? How > > > does that work? > > > > The suggestion you're replying to didn't encrypt the drive in place. It > > read a stream of zeros from /dev/zero, encrypted that stream, and wrote > > that stream to the disk. Thus, nothing needed to be read from any disk. > > I think the writer *thought* it was encrypting the disk. I may be > wrong, but that's what I was responding to rather than the minutiae of > the actual command. > > Regardless, writing a bunch of encrypted zeroes is no better than > writing plain zeroes or writing random noise, if it's just a single > pass. I think the various answers here are actually addressing slightly > different questions. In my case I'm talking about defence against > physical-level analysis of the disk. > > > However, this whole thread is questionable. It is predicated on the > > assumption that your CPU can encrypt a stream of zeros faster than it > > can generate random data, and also that it can write to its disk faster > > than it can generate random data. If either of those things is not > > true, then using an encrypted volume to "wipe" a drive will be slower > > and more complex, for no benefit. > > > > On my Dell XPS 13, I can read from /dev/urandom at almost exactly the > > same speed that I can write to a dm-crypt block device, so there would > > be no reason to use dm-crypt over simply dd if=/dev/urandom to the drive. > > Of course. > > > (But the point that I was making when I replied to this thread to begin > > with is that if you are concerned with wiping your data from drives, it > > should never have been written to the drive in an unencrypted form to > > begin with. Encrypt your disks. When you want to get rid of them, > > they're already as secure as your passphrase, and you can irrecoverably > > wipe them by simply wiping the key header. It's nearly instantaneous.) > > Again, I agree, but that's not what the OP asked. Telling him "you > should have started with an encrypted disk" is like telling a traveller > who's asking the way to Podunk "start from somewhere else". > > poc > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org >
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
