urandom vs haveged

Chris Murphy lists at colorremedies.com
Mon Mar 26 22:55:42 UTC 2012

On Mar 26, 2012, at 4:31 PM, Pádraig Brady wrote:
> Well if you're just writing huge amounts of "random" data
> to clear existing space, then you don't need it to be cryptographically secure.
> Why are you doing this exactly? Would /dev/zero suffice?

In every supposed best practice case of dm-crypt LUKS setup, urandom is used by example. Including by Red Hat and Fedora Projects. The Fedora link says: "You're looking at a process that takes many hours, but it is imperative to do this in order to have good protection against break-in attempts. Just let it run overnight."




So then the question is, if urandom is what's recommended, are faster substitutes just as good? If they are just as good, then why aren't they the first recommendation? And if this step is superfluous, then I'd suggest documentation be changed to eliminate the suggestion altogether.

Chris Murphy

More information about the devel mailing list