Walt Mankowski on 4 Mar 2007 22:46:01 -0000
On Sun, Mar 04, 2007 at 04:22:28PM -0500, Matthew Rosewarne wrote:
> On Sunday 04 March 2007 15:50, Walt Mankowski wrote:
> > You'll get some random entropy when you type in the command.
> > /dev/urandom will use that up and then use the kernel's random number
> > generator. I guess I don't understand why you think this radio scheme
> > is a better approach than that. The /dev/urandom approach is a lot
> > simpler and will have exactly the same effect of randomizing the disk.
>
> /dev/urandom is typically used for applications requiring data that "looks
> pretty random" (games and such), but for cryptographic purposes (such as
> making keys) /dev/random is the only way to get truly random data.
> While /dev/urandom is probably "good enough" for this purpose, the effect is
> _not_ the same. That said, /dev/urandom is much easier and probably
> adequately secure for most people who need to wipe a disk.

I would submit that /dev/urandom is adequately secure for *everyone*
who needs to wipe a disk. Remember, all you're trying to accomplish
here is to make it impossible for an attacker to tell the difference
between the unallocated sectors and the encrypted sectors. How is
your radio entropy any better at this than a random number generator?

Keep in mind that even if an attacker can somehow figure this out,
they still don't have access to the data in the file system, because
that's encrypted. I'd think that any potential cracker, upon seeing
the entire drive filled with seemingly random bits, wouldn't even
attempt the hack you're thinking of and would go immediately to other
means at getting at the data.

> I would normally use /dev/urandom if I were in any kind of hurry. I figured
> that I might as well try this approach not only because the results would be
> somewhat better, but also for Sir Edmund Hillary's reason.

Well, it's a free country and you can of course do anything you want.
I'd be interested in finding out how long it takes to generate 80 GB
of entropy.

Walt

Attachment: signature.asc
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
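
Added example (not part of the message above or of the thread): a Python sketch of the goal the reply describes, making unallocated sectors indistinguishable from encrypted ones. It runs a byte-frequency test over two constructed disk images, one with zeroed free space and one with free space filled from the kernel CSPRNG via `os.urandom`; the SHA-256 counter-mode stand-in for encrypted sectors, the 4096-byte sector size, the threshold and all function names are assumptions made for the demo.

```python
import hashlib
import os

SECTOR = 4096  # assumed sector size for the demo

def chi_square(sector: bytes) -> float:
    """Pearson chi-square of byte counts against a uniform distribution."""
    expected = len(sector) / 256
    counts = [0] * 256
    for b in sector:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(sector: bytes, threshold: float = 500.0) -> bool:
    # With 255 degrees of freedom the statistic averages 255 (std dev ~22.6)
    # for uniform bytes, so 500 is far out in the tail.
    return chi_square(sector) < threshold

def stand_in_ciphertext(key: bytes, index: int, size: int = SECTOR) -> bytes:
    """SHA-256 in counter mode, standing in for an encrypted sector.
    Assumption for the demo only; this is not a real disk cipher."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        block = key + index.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:size])

def build_disk(fill, n=16, used=(2, 3, 7, 11), key=b"constructed-demo-key"):
    """Constructed disk image: sectors in `used` hold stand-in ciphertext,
    every other (unallocated) sector holds whatever fill() returns."""
    return [stand_in_ciphertext(key, i) if i in used else fill() for i in range(n)]

def flagged(disk):
    """Indices of sectors the frequency test marks as non-random."""
    return [i for i, s in enumerate(disk) if not looks_random(s)]

if __name__ == "__main__":
    zeroed = build_disk(lambda: bytes(SECTOR))        # never wiped
    wiped = build_disk(lambda: os.urandom(SECTOR))    # filled from the kernel CSPRNG
    print("zero-filled free space, flagged:", flagged(zeroed))
    print("urandom-wiped free space, flagged:", flagged(wiped))
```

On the zero-filled image the flagged indices are exactly the unallocated sectors, which is the layout information the wipe is meant to hide; on the urandom-filled image nothing is flagged.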