public inbox for cryptsetup@lists.linux.dev
From: bugcounterism@malbolge.net
To: cryptsetup@lists.linux.dev
Cc: Arno Wagner <wagner@arnowagner.info>, Arno Wagner <arno@wagner.name>
Subject: Re: Wiping disk vs. initializing container
Date: Wed, 7 Jun 2023 12:03:31 +0200
Message-ID: <20230607120331.2125480b@moon>
In-Reply-To: <20230607033038.GA26586@tansi.org>

On Wed, 7 Jun 2023 05:30:38 +0200,
Arno Wagner <wagner@arnowagner.info> wrote:

> If it is crypto-grade randomness, yes.
> But note that Section 5.3 may still be faster.

I see.

Now I have some follow-up questions:

1. Would `cat /dev/urandom > /dev/sdX` give me crypto-grade randomness?

2. Is initializing a LUKS container with zeroes equivalent to filling a
   whole drive with crypto-grade random data if the LUKS container
   spans the whole disk?

3. The FAQ says:

     If the target was in use previously, it is a good idea to wipe it
     before creating the LUKS container in order to remove any trace of
     old file systems and data.

   So, isn't just filling the whole disk with random data before setting
   up the LUKS container the simplest solution if you want to a) destroy
   old data reliably, b) put the disk into a clean state, and c) make
   sure that parts of the LUKS container that have not been written to
   cannot be distinguished from those that have?

4. Should new hard disks that have not been used previously also be
   filled with random data in order to achieve c)?


Thanks
Michael



Thread overview: 5+ messages
2023-06-06 21:08 Wiping disk vs. initializing container bugcounterism
2023-06-07  3:30 ` Arno Wagner
2023-06-07 10:03   ` bugcounterism [this message]
2023-06-07 11:09     ` Michael Kjörling
2023-06-07 19:23       ` Arno Wagner
