
Thread: pre-encryption disk randomization

  1. #1
    Join Date
    Jun 2008
    Beans
    1

    pre-encryption disk randomization

    Hi,
    I have been following the tutorial at Ubuntu Tutorials: 7 Steps To An Encrypted Partition (local or removable disk) by Christer Edwards.
    From Step 4:
    We’ll write data over the newly created partition to help aid in the encryption process. By writing data to the partition prior to encryption it helps protect against data attacks, finding patterns on the block-level, etc. You can use one of the following three commands:
    ...
    sudo dd if=/dev/urandom of=/dev/sda bs=4K

    On my system [1.8GHz Pentium 4/512Mb RAM/750Gb (New) HDD/8.10 Live CD] this will produce 1.8Mb of data per second - which will take 5 days to complete! Reading from /dev/zero produces 67Mb/s transfer.

    Would like to know:
    • Relative benefit of this process on a new hard drive (compare ubuntu encrypted install does not randomize disk)?
    • Would I expect better performance if the process was run on a proper install and not a Live CD?
    • Would performance improve if some music played in the background to seed urandom?

    Thanks in advance

  2. #2
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: pre-encryption disk randomization

    if it's a new disk, then you don't really need to delete evidence that's on there...

    if you use the alternate installer, you can fully encrypt your system from installation, it will then also randomize the data on there but it will take a lot less time.

  3. #3
    Join Date
    Feb 2007
    Location
    Montreal, Canada
    Beans
    191

    Re: pre-encryption disk randomization

    Quote: Originally Posted by hyper_ch
    if it's a new disk, then you don't really need to delete evidence that's on there...

    if you use the alternate installer, you can fully encrypt your system from installation, it will then also randomize the data on there but it will take a lot less time.
    My experience with the randomization of the HD in the alternate installer is different. It stalled after a while, probably due to a lack of entropy. The dd if=/dev/urandom was way faster.

    If the HD is new then it is true that there is no data to erase so writing random data seems superfluous. However, if after encryption the empty sectors are still 00 then it would give some information to a potential attacker on what could possibly be on the drive. Depending on your paranoia level (IMHO, aluminium foil hat or higher), this is something bad.
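
The point in post #3 about empty sectors staying 00, shown as an added example that is not part of the original thread: a block scan of a constructed 32-block image reveals which regions were written when the disk was zero-filled, and reveals nothing when it was pre-filled with random data. Assumptions: ciphertext is modelled as random bytes, and the names `scan_blocks`, `zero_runs`, `build_image` and `report` are hypothetical.

```python
import io
import os

BLOCK = 4096  # same size as the bs=4K in the dd command quoted in post #1


def scan_blocks(stream, block_size=BLOCK):
    """Return one boolean per block: True where the block is entirely zero."""
    zero = bytes(block_size)
    flags = []
    while True:
        chunk = stream.read(block_size)
        if not chunk:
            break
        flags.append(chunk == zero[:len(chunk)])
    return flags


def zero_runs(flags):
    """Collapse per-block flags into (first_block, last_block) runs of zeros."""
    runs, start = [], None
    for i, is_zero in enumerate(flags):
        if is_zero and start is None:
            start = i
        elif not is_zero and start is not None:
            runs.append((start, i - 1))
            start = None
    if start is not None:
        runs.append((start, len(flags) - 1))
    return runs


def build_image(total_blocks, used, prefill):
    """Constructed sample disk: blocks listed in `used` hold ciphertext
    (modelled as random bytes); all other blocks keep the prefill pattern."""
    return b"".join(
        os.urandom(BLOCK) if i in used else prefill(BLOCK)
        for i in range(total_blocks)
    )


def report(image):
    """Summarise what an observer of the raw device can tell apart."""
    flags = scan_blocks(io.BytesIO(image))
    return {"blocks": len(flags), "zero_blocks": sum(flags),
            "zero_runs": zero_runs(flags)}


if __name__ == "__main__":
    used = set(range(0, 8)) | set(range(20, 24))  # constructed layout
    print("zero-filled disk:", report(build_image(32, used, bytes)))
    print("randomized disk :", report(build_image(32, used, os.urandom)))
```

`scan_blocks` accepts any binary stream, so the same scan can confirm that a randomization pass covered a whole device before the encrypted volume is created.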

  4. #4
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: pre-encryption disk randomization

    dd /dev/urandom takes on my 500 GB disk about 2 1/2 days... the installer takes about 2h

  5. #5
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    8,957

    Re: pre-encryption disk randomization

    If the encryption is any good, then the pre-writing won't make any difference. If the encryption is not any good, then don't use it...
