On Mon, Mar 26, 2012 at 6:55 PM, Chris Murphy <li...@colorremedies.com> wrote: > So then the question is, if urandom is what's recommended, are faster > substitutes just as good? If they are just as good, then why aren't they the > first recommendation? And if this step is superfluous, then I'd suggest > documentation be changed to eliminate the suggestion altogether.
Personally, I setup dmcrypt (w/o luks) first using /dev/urandom as the key and one of the secure block modes (e.g. aes-lrw or aes-essiv). Then I fill the dmcrypt device with /dev/zero. This goes fairly fast, filling the device with securely encrypted zeros. Then I drop the volume and set up luks normally. From a security perspective an attack which allowed the attacker to distinguish the randomly encrypted /dev/zero from your other data would be a fairly bad vulnerability generally against the encrypted volume... much worse than the information leak wrt used blocks. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
