On Sun, 03 Aug 2014 18:20:19 +1000 Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote: > After you have formatted your volume, but before you start using > it, you use dd to write /dev/zero to the entire volume -- due to > the encryption process, those zeros will be just random data based > on the key, it should be quicker that way ... calculated data for > zero for that particular byte of the disk, rather than blocking > on /dev/random or being /less/ real random by using /dev/urandom. I do not agree with that because using only zeros makes the result part predictable for the attacker: if he knows what you wrote, he has a (very) large part of the cryptanalysis done… This is 1.0.1 of cryptanalysis: if you know what's encrypted you'll know how it was done. On the other hand, using /dev/urandom, even if it is not 100% truly randomness, makes the analysis extremely difficult to conduct because the attacker can't say if he's analysing randomness or encrypted data (as far as the encrypted layer is underlying to the FS of course). -- santx: I saw something suspicious in my stats today gore: visitors? xD santx: petit asshole
Attachment:
signature.asc
Description: PGP signature