On Fri 19 Jun 2020 at 14:52:11 (-0700), David Christensen wrote: > On 2020-06-18 19:13, David Wright wrote: > > On Fri 12 Jun 2020 at 07:51:30 (-0400), Michael Stone wrote: > > > On Thu, Jun 11, 2020 at 08:52:10PM -0500, David Wright wrote: > > > > > > The only unaddressed point in my use case is the prevention of a > > > > high-water mark, because zeroing the drive achieves precisely the > > > > opposite. What ought I to be running, instead of badblocks -w -t random, > > > > to achieve that goal? > > > > > > Create the encrypted volume first, then write zeros to it. :) > > > > Duh! That should work a treat. My posting that example bore me fruit. > > Benchmark is one thing. But, from a security viewpoint, writing zeros > to an encrypted volume amounts to providing blocks of plaintext for > corresponding blocks of cyphertext, thereby facilitating > cryptanalysis.
So in view of the unlikelihood of badblocks actually logging something more useful than SMART (where available) or normal disk write errors, perhaps a compromise (for my use case) is to just write /dev/urandom rather than /dev/zero. On this slow machine with an oldish PATA disk, I can get about 75% speed from urandom, 15MB/s vs 20MB/s on a 29GiB partition (no encryption). There's a noticeable slowdown because, I presume, the machine runs a bit short of entropy after a while. Cheers, David.