On Tue, 2013-09-10 at 03:31 -0700, ian_bruce@fastmail.net wrote: > <ben@decadent.org.uk> wrote: > > > I have to wonder why this is so slow. We should be able to write > > about 100 MB/s sequentially to a recent HD, so 750 GB would take > > about 2 hours and not 36 hours. > > I chose an encrypted swap volume, of size 16GB. > > The Debian installer took close to an hour to wipe this. This result > is comparable to the speed reported upthread, five or six megabytes > per second, a truly absurd speed when the underlying disk is capable > of at least twenty times that. > > > Is encryption really that expensive, and if so can we fix this by > > adding accelerated crypto drivers to d-i (such as aesni_intel)? > > It should be clear that if all you want to do is wipe some disk > volume, by writing either zeros or random data to it, YOU DON'T HAVE > TO ENCRYPT THAT DATA, even if that volume will later be used for > encrypted data. It is of no use whatsoever to encrypt the wipe data. > > In other words: wipe the underlying real volume, preferably with zeros > so as not to waste time computing /dev/urandom; don't wipe the > dm-crypt volume layered on top of it. [...] If you fill it with plaintext zeroes then that leaks metadata: an attacker who obtains the disk can get a good idea of how many files are on the disk and how large they are, simply by which blocks are non-zero. But I suspect this is not usually very useful metadata, so filling the disk with non-zero may not be the right default. (And SSDs should be a good deal efficient if you 'zero-fill' them by discarding the entire partition.) As for whether non-zero data should be taken from /dev/urandom or encrypted as normal... I don't know, but the output of /dev/urandom might be distinguishable if the kernel is gathering very little real entropy. Ben. -- Ben Hutchings The program is absolutely right; therefore, the computer must be wrong.
Attachment:
signature.asc
Description: This is a digitally signed message part