LinuxQuestions.org

Slakerlife 09-17-2016 11:58 PM

Speeding up dd urandom for encrypted lvm partition
 
Hello

I have an old machine on which I would like to use Slackware 14.2. The README crypt document says that one can use the following command:
dd if=/dev/urandom of=/dev/sdx2

I was using the above command prior to creating my LVM on a 450Gb partition. 25hrs had gone by when I lost power to the computer. As you can guess, I have to start over again, which I'm not really happy about, so I was wondering if there is a way to speed up the urandom process? I read frandom is supposed to be faster, but when I try that command it tells me it cannot find a file or something. Any help or questions are welcome.


http://ftp.slackware.com/pub/slackwa...ADME_CRYPT.TXT

syg00 09-18-2016 12:12 AM

Read the sentence prior to that command.
Pointless IMHO.

Slakerlife 09-18-2016 08:26 AM

Syg00, are you referring to the sentence in the Readme file, about someone being able to determine where an encrypted partition ends or starts? I see your point. I was thinking the same, because after all I'm encrypting my entire second partition, but regardless I would like to find out if there is a way to speed it up. I would even like to know if there is a command to determine how long it would take to do the entire partition prior to starting the process.

dijetlo 09-18-2016 09:29 AM

Urandom is set by "noise": packet entropy, device drivers, et al., so putting it on a network segment while you randomize it would probably help.

rknichols 09-18-2016 09:49 AM

Quote:

Originally Posted by Slakerlife (Post 5606738)
I have an old machine on which I would like to use Slackware 14.2. The README crypt document says that one can use the following command:
dd if=/dev/urandom of=/dev/sdx2

I was using the above command prior to creating my lvm on a 450Gb partition. 25hrs has gone by ...

It is way faster to encrypt zeros with a random key and use that to fill the partition:
Code:

cryptsetup create --key-file /dev/urandom stuffit /dev/sdx2
dd if=/dev/zero of=/dev/mapper/stuffit bs=256k
cryptsetup remove stuffit

The partition is now filled with data indistinguishable from random numbers, and the key to decrypt that was not saved.

Slakerlife 09-18-2016 04:02 PM

Quote:

Originally Posted by rknichols (Post 5606881)
It is way faster to encrypt zeros with a random key and use that to fill the partition:
Code:

cryptsetup create --key-file /dev/urandom stuffit /dev/sdx2
dd if=/dev/zero of=/dev/mapper/stuffit bs=256k
cryptsetup remove stuffit

The partition is now filled with data indistinguishable from random numbers, and the key to decrypt that was not saved.

Rknichols, I'm assuming that those are 3 separate commands, right? If so, when I execute the dd if=/dev/zero of=/dev/mapper/stuffit bs=256k, do I need to specify sda2 again, or no, because I did that on the first command?

Thanks

TracyTiger 09-18-2016 06:10 PM

Use /dev/mapper/stuffit
 
Quote:

Originally Posted by Slakerlife (Post 5606994)
do I need to specify again sda2 or no because I did that on the first command

Butting in here, in case rknichols doesn't respond for quite a while ...

You are correct, you do NOT need to refer to /dev/sda2 in the dd command.

The output file ("of=") needs to be the /dev/mapper/stuffit so that the output will be encrypted. The encryption happens automatically by using the /dev/mapper/stuffit device.

The device /dev/mapper/stuffit is "mapped" to /dev/sda2.

rknichols 09-18-2016 07:35 PM

Quote:

Originally Posted by TracyTiger (Post 5607033)
The output file ("of=") needs to be the /dev/mapper/stuffit so that the output will be encrypted. The encryption happens automatically by using the /dev/mapper/stuffit device.

The device /dev/mapper/stuffit is "mapped" to /dev/sda2.

Indeed. The cryptsetup command sets up a tube with /dev/mapper/stuffit on one end and /dev/sda2 on the other. You stuff zeros into the "stuffit" end, and encrypted zeros come out the other end and go into the partition. And yes, you can read those zeros back from /dev/mapper/stuffit until you tear down the tube with the "cryptsetup remove" command. That tube can't be set up again because the encryption key is no longer known.
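
An added example, not part of any post in this thread: the three-command procedure above wrapped in pre-flight checks, so that the destructive `dd` only runs against an idle block device and an already existing mapping name is refused. The function names and the mounts-file parameter are assumptions of this example; it also assumes a cryptsetup that accepts the `open`/`close` spellings of `create`/`remove` and a GNU `dd` with `status=progress`.

```bash
#!/bin/sh
# Added example (not from the thread): guarded fill with encrypted zeros.
# Function names and the mounts-file parameter are assumptions of this example.
MAPPING=stuffit   # mapping name used in the thread

# Exit 0 if device $1 is a mount source in mounts file $2 (default /proc/mounts).
is_mounted() {
    awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Refuse anything that is not an idle block device; reason goes to stderr.
# Only mounts are checked: swap or LVM use of the device is not detected.
preflight() {
    [ -b "$1" ] || { echo "not a block device: $1" >&2; return 1; }
    is_mounted "$1" "$2" && { echo "mounted: $1" >&2; return 1; }
    [ -e "/dev/mapper/$MAPPING" ] && { echo "mapping in use: $MAPPING" >&2; return 1; }
    return 0
}

fill_partition() {
    preflight "$1" || return 1
    # Plain dm-crypt mapping keyed from /dev/urandom; the key is never stored.
    cryptsetup open --type plain --key-file /dev/urandom "$1" "$MAPPING" || return 1
    # dd ends with "No space left on device" when the partition is full.
    # That is the expected finish, so its exit status is ignored.
    dd if=/dev/zero of="/dev/mapper/$MAPPING" bs=256k status=progress || true
    sync
    # Tear down the mapping; the key is gone and the data cannot be decrypted.
    cryptsetup close "$MAPPING"
}

# Destructive: runs only when exactly one device argument is given,
# e.g.  sh fill.sh /dev/sdx2
if [ "$#" -eq 1 ]; then fill_partition "$1"; fi
```
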

Slakerlife 09-19-2016 08:51 AM

Quote:

Originally Posted by rknichols (Post 5607045)
Indeed. The cryptsetup command sets up a tube with /dev/mapper/stuffit on one end and /dev/sda2 on the other. You stuff zeros into the "stuffit" end, and encrypted zeros come out the other end and go into the partition. And yes, you can read those zeros back from /dev/mapper/stuffit until you tear down the tube with the "cryptsetup remove" command. That tube can't be set up again because the encryption key is no longer known.

Rknichols, this command worked like a charm, it finished the 450Gb in about 2.5hrs, much better than waiting 25+hrs. I'm curious to know if the command is even required if you're encrypting the entire drive?

rknichols 09-19-2016 10:03 AM

Quote:

Originally Posted by Slakerlife (Post 5607266)
I'm curious to know if the command is even required if you're encrypting the entire drive?

Not at all required. It just serves to hide the distinction between the free and used parts of the filesystem, which could reveal something about the type of filesystem and possibly the sizes of some of the files.

