On 1/30/19 12:48 AM, Gordon Messmer wrote:
Both the filesystem and your data are encrypted when using dm-crypt (whether you use LUKS or not). However, creating a dm-crypt device doesn't modify the pre-existing data. It only writes encrypted data to the disk when data is written to the virtual device.
Does that make sense?
Yes, and the reason for doing this is that encrypting some zeros can be faster than reading from /dev/urandom. I know for sure that /dev/urandom is (or was) not always able to saturate the speed of a disk (or SSD), while dm-crypt with modern hardware (AES instructions in the CPU) is always fast enough.
Regards.
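
The wipe discussed in this thread, as an added example that is not part of the original messages: zeros are written through a throwaway plain-mode dm-crypt mapping, so the disk receives ciphertext and /dev/urandom supplies only the key. The function name `wipe_via_dmcrypt`, the mapping name `wipe_target`, the `DRY_RUN` variable and the cipher choice are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). DESTROYS all data on the target device.
# wipe_via_dmcrypt, wipe_target and DRY_RUN are hypothetical names.

wipe_via_dmcrypt() {
    dev=$1
    map=${2:-wipe_target}

    # run: print the command when DRY_RUN=1, otherwise execute it.
    run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

    if [ -z "$dev" ]; then
        echo "usage: wipe_via_dmcrypt DEVICE [MAPPING]" >&2
        return 2
    fi

    if [ "${DRY_RUN:-0}" != 1 ]; then
        [ -b "$dev" ] || { echo "$dev: not a block device" >&2; return 1; }
        # Prefix match on purpose: also refuses when a partition of the
        # device (e.g. DEVICE1) is mounted.
        if grep -q "^$dev" /proc/mounts; then
            echo "$dev: mounted (or has a mounted partition), refusing" >&2
            return 1
        fi
    fi

    # Plain mode: no LUKS header is written. The key is read once from
    # /dev/urandom and never stored, so the ciphertext cannot be reversed.
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$dev" "$map" || return 1

    # Zeros go into the virtual device; dm-crypt writes encrypted data to
    # the disk. dd stops with "No space left on device" once the mapping
    # is full, which is the expected end of the run.
    run dd if=/dev/zero of="/dev/mapper/$map" bs=1M status=progress || true
    run sync

    # Dropping the mapping discards the only copy of the key.
    run cryptsetup close "$map"
}
```

Calling it with `DRY_RUN=1` prints the commands without touching the device; a real run needs root.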