On 1/26/19 5:29 PM, Wolfgang Pfeiffer wrote:
I think, yes: simply encrypting the whole disk should do it: IIRC
this
should be *a lot* faster than piping /dev/urandom to a disk, or even
using shred:
Encrypting the whole disk involves writing the same amount of data, so
it can't be faster.
Excerpt from
/usr/share/doc/cryptsetup/FAQ :
------------------------------------------------------------
* 2.19 How can I wipe a device with crypto-grade randomness?
The conventional recommendation if you want to not just do a
zero-wipe is to use something like
cat /dev/urandom > <taget-device>
That is very slow and painful at 10-20MB/s on a fast computer.
Using cryptsetup and a plain dm-crypt device with a random key,
it is much faster and gives you the same level of security. The
defaults are quite enough.
This must be a really old FAQ. My laptop can generate urandom at 275
MB/s, which is faster than even most SSDs could write. Also, I don't
understand how a cryptographically secure process could be faster than
urandom, unless it's using hardware cryptography.