On 11/29/2012 02:00 AM, Mathijs Kwik wrote:
While at the subject of random number generation, I would like to plug the "frandom" package (+kernel module), as it has been very useful to me. It is available in NixOS through the use of services.frandom.enable = true.

It uses the kernel random device but provides an extremely fast /dev/frandom to use from userspace (20x speedup compared to /dev/urandom on my system). This makes it the perfect source for filling up disks before putting some full-disk-encryption on top of.


Something I've never understood about this technique... Why not just zero out the encrypted block device? Won't that make the underlying device look effectively random?

Failing to do so will make a disk vulnerable to forensic analysis, as untouched/empty spots "shine through", but filling a 3TB disk with /dev/urandom just takes the fun out of your newly-bought disk as it will take more than 3 days. frandom will do so in a matter of hours (for non-SSD disks, disk write speed will be the bottleneck, making a wipe essentially as fast as dd'ing with /dev/zero).

I understand rngd is about the opposite functionality (getting random into the kernel instead of out), so this was probably a bit off-topic ;)




On Thu, Nov 29, 2012 at 1:08 AM, Peter Simons <[email protected] <mailto:[email protected]>> wrote:

    Hi Shea,

     > If your CPU doesn't support RdRand and you don't have either of
     > those devices, rngd won't get triggered to start (and if it did, it
     > would fail on startup).

    ah, I see. I didn't know about the RdRand CPU instruction. Thank you for
    the explanation.

    Take care,
    Peter

    _______________________________________________
    nix-dev mailing list
    [email protected] <mailto:[email protected]>
    http://lists.science.uu.nl/mailman/listinfo/nix-dev




_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
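The pre-encryption wipe Mathijs describes above, as an added example that is not part of the thread and does not use the frandom module itself: a pre-encryption fill only needs data that an examiner without the key cannot distinguish from random, so instead of reading every byte from /dev/urandom the script takes a one-off key and IV from the kernel CSPRNG and expands them with AES-256-CTR through openssl(1). The target path, byte counts and the helper names fill_random and distinct_bytes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from the frandom project.
# Idea from the message above: a pre-encryption wipe only needs output
# that an examiner without the key cannot tell from random, so take
# 32+16 bytes from the kernel CSPRNG once and expand them with
# AES-256-CTR (openssl enc) instead of reading /dev/urandom for the
# whole disk.
# Assumptions: openssl(1) is installed; TARGET is a file or block device
# you are allowed to destroy; BYTES is the size to write. The key and IV
# live only in this shell's memory and are never written anywhere.

set -eu

# fill_random TARGET BYTES  -- write BYTES bytes of keystream to TARGET
fill_random() {
    target=$1
    bytes=$2
    if command -v openssl >/dev/null 2>&1; then
        # throw-away key and IV, hex-encoded for openssl's -K/-iv
        key=$(od -An -v -tx1 -N32 /dev/urandom | tr -d ' \n')
        iv=$(od -An -v -tx1 -N16 /dev/urandom | tr -d ' \n')
        # zeros in, keystream out; CTR mode has no padding, so the
        # output length equals the input length exactly
        head -c "$bytes" /dev/zero \
            | openssl enc -aes-256-ctr -K "$key" -iv "$iv" -nosalt \
            > "$target"
    else
        # no openssl: fall back to the slow path the thread complains about
        head -c "$bytes" /dev/urandom > "$target"
    fi
}

# distinct_bytes FILE -- number of distinct byte values present (1..256).
# Quick sanity check after a wipe: a zero-filled target reports 1, a
# megabyte of keystream reports 256, since the chance that any one value
# is absent from 2^20 random bytes is (255/256)^(2^20), effectively 0.
distinct_bytes() {
    od -An -v -tu1 "$1" | tr -s ' ' '\n' | sort -u | grep -c .
}

# Usage (assumed device name; replace with the disk you mean to wipe):
#   fill_random /dev/sdX "$(blockdev --getsize64 /dev/sdX)"
#   distinct_bytes /dev/sdX    # expect 256 before putting LUKS on top
```

On a real disk the pipeline is bound by the drive's write speed, which is the point of the thread: the CSPRNG is touched once for 48 bytes and the rest is cipher throughput. Writing zeros through an already-opened dm-crypt mapping, as the reply asks, also leaves random-looking ciphertext on the underlying device; the difference is only that every block then passes through dm-crypt's encryption path, so the wipe runs at dm-crypt's throughput instead of the raw device's.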
