On 1/26/19 5:29 PM, Wolfgang Pfeiffer wrote:
> I think, yes: simply encrypting the whole disk should do it: IIRC this should be *a lot* faster than piping /dev/urandom to a disk, or even using shred:
Encrypting the whole disk involves writing the same amount of data, so it can't be faster.
> Excerpt from /usr/share/doc/cryptsetup/FAQ :
> - 2.19 How can I wipe a device with crypto-grade randomness?
> The conventional recommendation if you want to not just do a zero-wipe is to use something like
>     cat /dev/urandom > <target-device>
> That is very slow and painful at 10-20MB/s on a fast computer. Using cryptsetup and a plain dm-crypt device with a random key, it is much faster and gives you the same level of security. The defaults are quite enough.
This must be a really old FAQ. My laptop can generate urandom at 275 MB/s, which is faster than even most SSDs could write. Also, I don't understand how a cryptographically secure process could be faster than urandom, unless it's using hardware cryptography.
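
Added example, not part of the original message or of the FAQ text quoted in it: a shell sketch that measures /dev/urandom throughput on the local machine, so it can be compared with the disk's write speed, and wraps the plain dm-crypt wipe from FAQ 2.19 with basic safety checks. The function names and the mapping name `to_be_wiped` are assumptions of this example, and it assumes GNU `date` and `dd` on Linux.

```shell
#!/bin/sh
# Constructed helpers for this example; function and mapping names are assumptions.

# Print /dev/urandom read throughput in MiB/s, measured over $1 MiB (default 64).
urandom_rate() {
    mib=${1:-64}
    start=$(date +%s%N)                      # GNU date: nanoseconds since the epoch
    dd if=/dev/urandom of=/dev/null bs=1M count="$mib" 2>/dev/null
    end=$(date +%s%N)
    ms=$(( (end - start) / 1000000 ))
    [ "$ms" -gt 0 ] || ms=1                  # avoid dividing by zero on very fast reads
    echo $(( mib * 1000 / ms ))
}

# Overwrite block device $1 through a plain dm-crypt mapping keyed from
# /dev/urandom (the FAQ 2.19 approach). DESTROYS ALL DATA on $1; needs root.
# Example call (placeholder device): wipe_with_dmcrypt /dev/sdX
wipe_with_dmcrypt() {
    dev=$1
    map=to_be_wiped
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 2; }
    # Basic guard only: refuse if the device or one of its partitions is mounted.
    if grep -q "^$dev" /proc/mounts; then
        echo "refusing: $dev is mounted" >&2
        return 3
    fi
    # The key is read from /dev/urandom and never stored anywhere.
    cryptsetup open --type plain -d /dev/urandom "$dev" "$map" || return 4
    # Zeros go in; the cipher turns them into ciphertext on the underlying disk.
    # dd stops with "No space left on device" at the end of the mapping; expected.
    dd if=/dev/zero of="/dev/mapper/$map" bs=1M status=progress
    sync
    cryptsetup close "$map"
}

# Stand-alone run: report the local urandom rate for comparison with the disk.
echo "/dev/urandom: $(urandom_rate) MiB/s"
```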