Re: Encrypting an External HDD

To: debian-user@lists.debian.org
Subject: Re: Encrypting an External HDD
From: David Christensen <dpchrist@holgerdanske.com>
Date: Fri, 17 Apr 2015 12:08:31 -0700
Message-id: <[🔎] 55315A2F.2080906@holgerdanske.com>
In-reply-to: <[🔎] 20150416215613.b9117149f674e461d19e4a25@gmail.com>
References: <[🔎] 20150415075320.78d581ff@lapsdeb> <[🔎] 201504151417.48084.frederic.marchal@wowtechnology.com> <[🔎] 552E83FC.4090904@holgerdanske.com> <[🔎] 20150416215613.b9117149f674e461d19e4a25@gmail.com>

I don't think it's quite this simple:

On 04/16/2015 06:56 PM, Celejar wrote:
> I don't think it's quite this simple:
> 1) OpenSSl thinks /dev/urandom is good enough for crypto:
> https://www.openssl.org/support/faq.html#USER1
> 2) Perl's Math::Random::Secure also thinks it's generally good enough:

>http://search.cpan.org/~mkanat/Math-Random-Secure-0.06/lib/Math/Random/Secure.pm#Making_Math::Random::Secure_Even_More_Secure

> 3) Read these guys (don't know how correct they are):
> http://www.2uo.de/myths-about-urandom/
> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

It seems that nothing is simple in mathematics, computer science, orcryptography. ;-)



I follow this advise for keys:

    2015-04-17 11:26:44 dpchrist@t2250 ~
    $ man random | grep -A 6 Usage
       Usage
           If  you  are  unsure  about  whether  you  should   use
           /dev/random  or /dev/urandom, then probably you want to
           use the latter.  As a general rule, /dev/urandom should
           be  used  for  everything except long-lived GPG/SSL/SSH
           keys.


Doing some quick benchmarking (see console session, below):

1. I use 'shred' when I want to fill a disk or partition with randomnumbers. It is ~1.7 orders of magnitude faster than /etc/urandom.

2. Perl's Math::Random::ISAAC::XS is only slightly faster than/dev/urandom.



David



2015-04-17 11:50:24 dpchrist@t2250 ~
$ time dd if=/dev/urandom of=/dev/null bs=1M count=100 2>/dev/null

real	0m20.302s
user	0m0.000s
sys	0m20.285s



2015-04-17 11:52:31 dpchrist@t2250 ~
$ time shred -s 100M - > /dev/null
real	0m0.407s
user	0m0.380s
sys	0m0.020s

2015-04-17 11:52:39 dpchrist@t2250 ~
$ time shred -s 1000M - > /dev/null

real	0m5.377s
user	0m5.068s
sys	0m0.084s

2015-04-17 11:52:48 dpchrist@t2250 ~
$ time shred -s 10000M - > /dev/null

real	0m38.150s
user	0m37.554s
sys	0m0.552s



2015-04-17 12:02:00 dpchrist@t2250 ~

$ time perl -MMath::Random::ISAAC::XS -e'$r=Math::Random::ISAAC::XS->new(time);while(print $r->irand){}' | ddiflag=fullblock of=/dev/null bs=1M count=100 2>/dev/null


real	0m18.277s
user	0m18.201s
sys	0m0.280s

Reply to:

Follow-Ups:
- Re: Encrypting an External HDD
  - From: Reco <recoverym4n@gmail.com>

References:
- Encrypting an External HDD
  - From: Stephen R Guglielmo <srguglielmo@gmail.com>
- Re: Encrypting an External HDD
  - From: Frédéric Marchal <frederic.marchal@wowtechnology.com>
- Re: Encrypting an External HDD
  - From: David Christensen <dpchrist@holgerdanske.com>
- Re: Encrypting an External HDD
  - From: Celejar <celejar@gmail.com>

Prev by Date: Re: I need guidance about how to configure a newly installed Jessie
Next by Date: Re: wheezy drive recognition?
Previous by thread: Re: Encrypting an External HDD
Next by thread: Re: Encrypting an External HDD
Index(es):
- Date
- Thread