On 1/26/19 5:29 PM, Wolfgang Pfeiffer wrote:
I think, yes: simply encrypting the whole disk should do it: IIRC this should be *a lot* faster than piping /dev/urandom to a disk, or even using shred:
Encrypting the whole disk involves writing the same amount of data, so it can't be faster.
Excerpt from /usr/share/doc/cryptsetup/FAQ : ------------------------------------------------------------ * 2.19 How can I wipe a device with crypto-grade randomness? The conventional recommendation if you want to not just do a zero-wipe is to use something like cat /dev/urandom > <taget-device> That is very slow and painful at 10-20MB/s on a fast computer. Using cryptsetup and a plain dm-crypt device with a random key, it is much faster and gives you the same level of security. The defaults are quite enough.
This must be a really old FAQ. My laptop can generate urandom at 275 MB/s, which is faster than even most SSDs could write. Also, I don't understand how a cryptographically secure process could be faster than urandom, unless it's using hardware cryptography.
_______________________________________________ users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
