From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from srve.com (srve.com [208.69.183.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 19 Mar 2014 00:42:25 +0100 (CET) Date: Wed, 19 Mar 2014 09:41:07 +1000 From: Chris Drake Message-ID: <198453472.20140319094107@CryptoPhoto.com> In-Reply-To: References: <20140318023351.GA20894@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Filling a disk with random data - use a hige bs= to speed it up List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Robert, Remember to use a sensible bs= parameter on "dd" - maybe bs=8225280 instead of bs=4096 - writing one-block-at-a-time (bs=4096) would take *days* (weeks even!) to fill a modern large drive! Kind Regards, Chris Drake p.s. 8225280 is one whole track on older drives. Wednesday, March 19, 2014, 8:20:47 AM, you wrote: RN> On 03/17/2014 09:33 PM, Arno Wagner wrote: >> On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote: >>> # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open >>> /dev/sda --type plain cryptroot >> >> Make ist easier on you, the defaults are really quite enough: >> >> # cryptsetup create -d /dev/urandom /dev/sda cryptroot >> >>> # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096 >> >>> My question is are there any serious drawbacks of using this method in >>> place of the urandom one? >> >> None. RN> Glad to hear it, since I've been doing that all along. If you happen RN> to be doing this with an old cryptsetup, you want to select an IV RN> that does not repeat on a large volume. This, for example would be RN> a poor choice (from cryptsetup 1.1.3): RN> Default compiled-in device cipher parameters: RN> plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160