From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 29 Jun 2020 12:31:43 +0200 (CEST)
Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245])
 by v1.tansi.org (Postfix) with ESMTPA id 175FA1400D5
 for <dm-crypt@saout.de>; Mon, 29 Jun 2020 12:31:41 +0200 (CEST)
Date: Mon, 29 Jun 2020 12:31:42 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20200629103142.GA9221@tansi.org>
References: <a93ee48f-7fc2-bf4e-e712-b0cfca309564@gmx.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <a93ee48f-7fc2-bf4e-e712-b0cfca309564@gmx.ch>
Subject: Re: [dm-crypt] couple of questions related to using crypto map
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Mon, Jun 29, 2020 at 02:13:21 CEST, Fourhundred Thecat wrote:
> Hello,
> 
> after some experiments, I came up with following 4 questions. I think
> that the answer to all of them is yes, but I would like to confirm this
> with the experts here:
> 
> 1)
> A crypto map aes-xts-plain64:sha512 with a random 512bit key is created
> over a block device. When zeroes are written to the device through the
> crypto map (encrypting), does it generate quality random data on the
> block device (comparable to /dev/urandom)?

Well, yes and no. Yes, if you just ise it once. No, as it gets
written to disk and that is it.
 
> 2)
> The same crypto map over a block device, but the block devices contains
> zeroes. When I read data, will it generate quality random data?
> (comparable to /dev/urandom or a random number generator?)

See above.

> 3)
> If yes should it be the fastest way to generate random data on a typical
> Linux computer, compared to reading /dev/urandom? (especially when
> having AES instruction support in the CPU)

No. /dev/urandom has gotten a lot faster. 

> 4)
> If the data obtained by reading from the zeroed device through that
> crypto map (aes-xts-plain64:sha512) is written back to the block device
> (using the same crypto map and key), will you get the original data? (in
> this example zeros). 

That is how disk encryption works, at least when you do not have
per-sector metadata and LUKS does not.

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier