Re: [partman-crypto] Trying to understand crypto_do_wipe ( )

To: "Oei, YC" <oei.yungchin@gmail.com>
Cc: debian-boot@lists.debian.org
Subject: Re: [partman-crypto] Trying to understand crypto_do_wipe ( )
From: David Härdeman <david@hardeman.nu>
Date: Mon, 8 Sep 2008 01:03:18 +0200
Message-id: <[🔎] 20080907230318.GB25998@hardeman.nu>
Mail-followup-to: "Oei, YC" <oei.yungchin@gmail.com>, debian-boot@lists.debian.org
In-reply-to: <[🔎] 36369f4b0809070441h4e9c9b6ey494810912b21bf6b@mail.gmail.com>
References: <[🔎] 36369f4b0809070441h4e9c9b6ey494810912b21bf6b@mail.gmail.com>

On Sun, Sep 07, 2008 at 12:41:14PM +0100, Oei, YC wrote:

I was looking at the code that writes random data to disk as part of
setting up an encrypted partition. The main reason I was interested is
that it seems to be quite a lot faster than something like "dd
if=/dev/urandom of=/dev/sdx", and so I wanted to know how it works.
However, as far as I understand the code now, it seems to be writing
zeroes rather than random data (!).

You missed the interaction between crypto_wipe_device() andcrypto_do_wipe().

crypto_wipe_device() will first setup a crypt-device using a randompassphrase, then write data to the crypted device. After that is done,the crypt-device is unmounted and the key is effectively lost andforgotten...the result should be indistinguishable from "truely" randomdata for all practical purposes.


--
David Härdeman

Reply to:

Follow-Ups:
- Re: [partman-crypto] Trying to understand crypto_do_wipe ( )
  - From: "Oei, YC" <oei.yungchin@gmail.com>

References:
- [partman-crypto] Trying to understand crypto_do_wipe ( )
  - From: "Oei, YC" <oei.yungchin@gmail.com>

Prev by Date: Re: Status of multipath support in d-i
Next by Date: Bug#498199: d-i cannot use existing encrypted partition
Previous by thread: [partman-crypto] Trying to understand crypto_do_wipe ( )
Next by thread: Re: [partman-crypto] Trying to understand crypto_do_wipe ( )
Index(es):
- Date
- Thread