On 1/27/19 6:47 PM, Wolfgang Pfeiffer wrote:
> On Sun, Jan 27, 2019 at 10:44:52PM +0000, Patrick O'Callaghan wrote:
>> If it's not being read and rewritten, it's not being encrypted.
>
> Yes, something like that is what I suspect: The actual data on disk would be left untouched when the *disk/partition* is encrypted. I had a look through documents explaining LUKS, and again and again the topic is "disk" encryption, not "data" encryption. So maybe all that happens is that - to use a picture - a high security prison (some sort of crypto layer) is built around the data on disk, while leaving the actual data untouched, and non-encrypted.
>
> In other words: It seems the file system is encrypted, not the data: see the already mentioned FAQ: "Create the LUKS container" - at the end of the section: "Done. You can now use the encrypted file system to store data"

From your first message where you described this, the first part is setting up the container. That doesn't encrypt any data at first; only when something is written does it get encrypted. Further down in your email, you describe the command of writing /dev/zero to the encrypted disk container. That is what writes the "random" data to the disk and would not require reading first. But in any case, as has already been mentioned multiple times, this still is not going to be faster than using /dev/urandom.
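
Added example, not part of the thread and not cryptsetup code: a small Python model of the behaviour described above, where setting up the container leaves old payload sectors readable on the raw disk and only a pass of zeros written through the mapping replaces them with random-looking ciphertext. ToyCryptDevice, its sizes, the key and the sample plaintext are all constructed for illustration, and the SHA-256 keystream is a stand-in for the real dm-crypt cipher.

```python
import hashlib, math
from collections import Counter

SECTOR, HEADER_SECTORS = 512, 4  # constructed sizes; a real LUKS header is far larger

def keystream(key, sector, length):
    """Stand-in cipher (NOT dm-crypt's AES-XTS): SHA-256 in counter mode, per sector."""
    blocks = (hashlib.sha256(key + sector.to_bytes(8, "little") + i.to_bytes(4, "little")).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

class ToyCryptDevice:
    """Hypothetical model of a formatted container plus its opened mapping."""
    def __init__(self, disk, key):
        self.disk, self.key = disk, key

    def format(self):
        # Like container setup: only the header area is written, payload is untouched.
        self.disk[:HEADER_SECTORS * SECTOR] = b"TOYHDR".ljust(HEADER_SECTORS * SECTOR, b"\0")

    def _xor(self, sector, data):
        return bytes(a ^ b for a, b in zip(data, keystream(self.key, sector, len(data))))

    def write(self, sector, data):
        # Writes through the mapping are encrypted, then stored after the header.
        off = (HEADER_SECTORS + sector) * SECTOR
        self.disk[off:off + SECTOR] = self._xor(sector, data)

    def read(self, sector):
        off = (HEADER_SECTORS + sector) * SECTOR
        return self._xor(sector, bytes(self.disk[off:off + SECTOR]))

def entropy(buf):
    """Shannon entropy in bits per byte (8.0 = indistinguishable from uniform)."""
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())

def demo(total_sectors=64):
    old = b"old secret file contents ".ljust(SECTOR, b".")  # constructed leftover plaintext
    dev = ToyCryptDevice(bytearray(old * total_sectors), b"constructed-key")
    dev.format()
    start = HEADER_SECTORS * SECTOR
    before = bytes(dev.disk[start:]).count(b"old secret")  # still readable on the raw disk
    for s in range(total_sectors - HEADER_SECTORS):  # the /dev/zero pass through the mapping
        dev.write(s, bytes(SECTOR))
    raw = bytes(dev.disk[start:])
    return before, raw.count(b"old secret"), entropy(raw), dev.read(0) == bytes(SECTOR)

if __name__ == "__main__":
    print(demo())
```

The practical check on a real system is the same idea: after formatting, search the raw device for known old plaintext before assuming it is gone.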