On Mon, Dec 03, 2012 at 08:35:12AM +0100, Mathijs Kwik wrote:
> Shea Levy <[email protected]> writes:
>
> > On 11/29/2012 02:00 AM, Mathijs Kwik wrote:
> >
> > > While at the subject of random number generation, I would like to
> > > plug the "frandom" package (+kernel module), as it has been very
> > > useful to me. It is available in NixOS through the use of
> > > services.frandom.enable = true.
> > >
> > > It uses the kernel random device but provides an extremely fast
> > > /dev/frandom to use from userspace (20x speedup compared to
> > > /dev/urandom on my system). This makes it the perfect source for
> > > filling up disks before putting some full-disk-encryption on top of.
> >
> > Something I've never understood about this technique... Why not just
> > zero out the encrypted block device? Won't that make the underlying
> > device look effectively random?
>
> It should indeed.
> I'm not a crypto expert at all, but I would think that knowing something
> about the data that's encrypted might give some advantage for cracking
> it. Also, if you choose to not zero out the full encrypted block
> device, but first put some partitions/volumes in it, then zero those,
> the fact you have these partitions/volumes might bleed through.
>
> But like you say, it should just suffice. The only reason I do it like
> this is because almost every howto states you should do it.

I've the impression that encryption can bring cracking time from 5 minutes
to 100 years, and then features like this filling of random data increase
from 100 years to 200 years. :)

Regards,
Lluís.
