
Re: How long will this take?



On Fri 26 Jun 2020 at 15:06:31 (-0700), David Christensen wrote:
> On 2020-06-26 06:07, David Wright wrote:
> > On Fri 19 Jun 2020 at 14:52:11 (-0700), David Christensen wrote:
> 
> > > Benchmark is one thing.  But, from a security viewpoint, writing zeros
> > > to an encrypted volume amounts to providing blocks of plaintext for
> > > corresponding blocks of cyphertext, thereby facilitating
> > > cryptanalysis.
> > 
> > So in view of the unlikelihood of badblocks actually logging something
> > more useful than SMART (where available) or normal disk write errors,
> > perhaps a compromise (for my use case) is to just write /dev/urandom
> > rather than /dev/zero.
> 
> Copying random data to a partition while creating an encrypted
> filesystem provides a high-entropy backdrop to conceal ciphertext
> blocks.  This is a form of steganography.  The Debian Installer manual
> partitioning page has an option to do this.

I presume you meet this option when you select "Configure encrypted volumes",
something that I've never done. Because currently I only encrypt /home
and swap, I set these up after installation, if they're not already there.

I must admit that I prefer to partition disks and set up encryption
outside the d-i, usually capturing the process with script.

> As the storage is used, the initial random blocks will be overwritten
> by ciphertext blocks.  Depending upon filesystem, encryption, volume
> management, and/or device details, the steganography degrades and may
> eventually disappear.
> 
> Copying random data to storage will add fresh nearly-random blocks on
> the device, improving the steganography.  (The canonical example is to
> copy /dev/urandom to a file until the filesystem fills up, and then
> delete the file.  But, this takes time and adds wear to the device.)

Yes, SSD caveat taken on board.

> > On this slow machine with an oldish PATA disk,
> > I can get about 75% speed from urandom, 15MB/s vs 20MB/s on a 29GiB
> > partition (no encryption). There's a noticeable slowdown because,
> > I presume, the machine runs a bit short of entropy after a while.
> 
> I think you are noticing a slowdown when the Linux write buffer fills.

I'm not sure where these write buffers might be hiding: the
2000-vintage PC has 512MB memory, and the same size swap partition,
though the latter is on a disk constructed one month earlier than the
target disk (Feb/Mar 2008). The target disk has 8MB of cache.
With a leisurely determination of dd's PID, my first USR1 poke
occurred no earlier than after 4GB of copying, over three minutes in.

Cheers,
David.
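
The "high-entropy backdrop" point in the quoted text above, as an added example that is not part of the original message: a per-block entropy scan over a constructed 16-block image, comparing a zero-filled device with a random-filled one. The 4096-byte block size, the 7.5 bits/byte threshold, the use of os.urandom as stand-in ciphertext and all function names are assumptions made for the illustration.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # assumed scan granularity, in bytes


def block_entropy(block: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def entropy_map(image: bytes, threshold: float = 7.5) -> str:
    """One character per block: '#' looks like random data, '.' does not."""
    return "".join(
        "#" if block_entropy(image[i:i + BLOCK]) >= threshold else "."
        for i in range(0, len(image), BLOCK)
    )


def build_image(fill: str, used: set, blocks: int = 16) -> bytes:
    """Constructed sample device. Blocks listed in 'used' hold stand-in
    ciphertext (os.urandom); every other block holds the initial fill,
    either 'zero' or 'random'."""
    out = bytearray()
    for i in range(blocks):
        if i in used or fill == "random":
            out += os.urandom(BLOCK)
        else:
            out += bytes(BLOCK)
    return bytes(out)


if __name__ == "__main__":
    used = {2, 3, 9}  # constructed: blocks the filesystem has written
    # Zero fill: the written blocks stand out from the backdrop.
    print("zero fill  :", entropy_map(build_image("zero", used)))
    # Random fill: written and unwritten blocks look the same.
    print("random fill:", entropy_map(build_image("random", used)))
```

On a real device the same scan, run read-only over the partition, is a quick check that an initial random fill covered every block.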

