From: Robert Nichols
Date: Tue, 18 Mar 2014 17:20:47 -0500
References: <20140318023351.GA20894@tansi.org>
In-Reply-To: <20140318023351.GA20894@tansi.org>
Subject: Re: [dm-crypt] Filling a disk with random data - question
To: dm-crypt@saout.de

On 03/17/2014 09:33 PM, Arno Wagner wrote:
> On Mon, Mar 17, 2014 at 19:55:05 CET, Cpp wrote:
>> # cryptsetup -c aes-xts-plain64 -h sha512 -s 512 -d /dev/urandom open
>> /dev/sda --type plain cryptroot
>
> Make it easier on you, the defaults are really quite enough:
>
> # cryptsetup create -d /dev/urandom /dev/sda cryptroot
>
>> # dd if=/dev/zero of=/dev/mapper/cryptroot bs=4096
>
>> My question is are there any serious drawbacks of using this method in
>> place of the urandom one?
>
> None.

Glad to hear it, since I've been doing that all along.

If you happen to be doing this with an old cryptsetup, you want to
select an IV that does not repeat on a large volume. This, for example,
would be a poor choice (from cryptsetup 1.1.3):

    Default compiled-in device cipher parameters:
        plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.
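
Added example, not part of the original message or of cryptsetup: a Python model of the dm-crypt "plain" IV (the 32-bit little-endian sector number, zero padded) beside "plain64" (64-bit), showing why aes-cbc-plain repeats IVs once a volume exceeds 2^32 512-byte sectors (2 TiB). The function names and the sample volume sizes are constructed for illustration; only the plain and plain64 generators are modelled.

```python
import struct

SECTOR_SIZE = 512        # dm-crypt numbers IVs per 512-byte sector
PLAIN_WRAP = 2 ** 32     # "plain" keeps only the low 32 bits of the sector number


def iv_mode(cipher_spec: str) -> str:
    """Return the IV generator named in a spec such as 'aes-cbc-plain'."""
    parts = cipher_spec.split("-", 2)
    if len(parts) != 3:
        raise ValueError(f"no IV mode in cipher spec {cipher_spec!r}")
    return parts[2].split(":", 1)[0]      # 'essiv:sha256' -> 'essiv'


def dmcrypt_iv(mode: str, sector: int, iv_size: int = 16) -> bytes:
    """IV bytes for 'plain' and 'plain64' (little-endian, zero padded)."""
    if mode == "plain":
        head = struct.pack("<I", sector % PLAIN_WRAP)   # high bits discarded
    elif mode == "plain64":
        head = struct.pack("<Q", sector)
    else:
        raise ValueError(f"only plain/plain64 are modelled, got {mode!r}")
    return head.ljust(iv_size, b"\x00")


def iv_repeats_on(cipher_spec: str, device_bytes: int) -> bool:
    """True if two sectors of a device this size would share an IV."""
    mode = iv_mode(cipher_spec)
    if mode not in ("plain", "plain64"):
        raise ValueError(f"only plain/plain64 are modelled, got {mode!r}")
    sectors = device_bytes // SECTOR_SIZE
    return mode == "plain" and sectors > PLAIN_WRAP


if __name__ == "__main__":
    TIB = 2 ** 40
    # Constructed sample volumes: (cipher spec, device size in bytes)
    samples = [("aes-cbc-plain", 1 * TIB), ("aes-cbc-plain", 4 * TIB),
               ("aes-xts-plain64", 4 * TIB)]
    for spec, size in samples:
        verdict = iv_repeats_on(spec, size)
        print(f"{spec:16} {size // TIB} TiB  IV repeats: {verdict}")
    # Sector 0 and sector 2**32 collide under "plain" but not "plain64".
    print(dmcrypt_iv("plain", 0) == dmcrypt_iv("plain", PLAIN_WRAP))
    print(dmcrypt_iv("plain64", 0) == dmcrypt_iv("plain64", PLAIN_WRAP))
```

`cryptsetup --help` prints the compiled-in defaults quoted in the message, so the cipher spec it reports can be fed to `iv_repeats_on` together with the device size.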