1

I recently experimented with different methods of disk randomization to find what would get the job done fastest. The openssl random number generator with AES in counter mode was said to be pretty fast, so I tried piping its output to dd (to limit the total number of output bytes and to optimize for disk sector size). See here for the invocation. Using this technique, I was able to write out to the raw disk at a sustained rate around 30 MB/s.

Using the shred utility alone (in single-pass mode, using /dev/urandom as the RNG), the sustained write rate was well under 10 MB/s.

However, using the shred with the openssl generator, I was able to sustain write speeds of about 1.5 GB/s:

mkfifo rand
openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero >rand &
shred --verbose --random-source=rand -n1 /dev/sda
rm rand

I hadn't observed speeds anywhere near this rate (either in terms of random number streaming or raw IO speed) before this point, so I'm wondering if this means that shred is somehow taking (insecure) shortcuts. I realize that shred itself is probably only using the given random number generator to seed its own, faster PRNG, but is AES actually that much faster than /dev/urandom? Or is something else happening under the hood?

Community
  • 1
Ben Sidhom
  • 119
  • 2

1 Answers1

1

The answer is 'it depends how much you care'. There's a lot of research into 'good' random number generation for crypto purposes, because a poor PRNG can make some ciphers vulnerable.

However I'd suggest that for disk wiping, it's something of a moot point. If you overwrite with random - even if it's not 'crypto grade' random - then you make it really hard to read back the contents of the disk - it will take significant effort and an electron microscope, at which point the reconstruction of your 'random' algorithm is probably the least of your concerns.

If you are particular concerned about that threat, then the only real answer is physically destroying your drives. Hard disk shredders are rather fun, but generally considered a bit extreme for general use.

Sobrique
  • 3,697
  • 2
  • 14
  • 34
  • Actually, my concern was more to randomize the data on disk than to wipe existing data. That way somebody viewing the raw data could not distinguish significant data on an encrypted file system from random data already on disk. – Ben Sidhom Jun 11 '14 at 16:42