On 1/30/19 12:48 AM, Gordon Messmer wrote:
Both the filesystem and your data are encrypted when using dm-crypt
(whether you use LUKS or not). However, creating a dm-crypt device doesn't modify the
pre-existing data. It only writes encrypted data to the disk when data is written to the
virtual device.
Does that make sense?
Yes, and the reason for doing this is that encrypting some zeros can be faster than
reading from /dev/urandom.
I know for sure that /dev/urandom is (or was) not always able to saturate the speed of a
disk (or SSD), while
dmcrypt with modern hardware (AES instructions in the CPU) is always fast enough.
Regards.
--
Roberto Ragusa mail at robertoragusa.it