Secure data scrambler

Famous example rewritten in more secure way by passing random password using process substitution

function scramble {
    # Famous example rewritten in more secure way by passing random password using a pipe
    openssl enc -aes-256-ctr -pbkdf2 -nosalt \
        -pass file:<(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64) \
        </dev/zero 2>/dev/null \
    | sudo dd status=progress iflag=fullblock bs=8M of=$1 oflag=direct
}

## Usage sample
# for (( i = 3 ; i ; i-- ))
# do
#     scramble /dev/foo
# done

## Other auxiliaries
# sudo dd status=progress iflag=fullblock bs=8M if=/dev/zero of=/dev/foo oflag=direct
# sudo badblocks -b 512 -c 8192 -s -w /dev/foo

Notes

• More on -pbkdf2: https://askubuntu.com/a/1126882.

• Why iflag=fullblock? – For the case when dd’s count is in use: https://unix.stackexchange.com/a/121868.

• Mind 2>/dev/nulls to suppress dd’s output and openssl’s message on broken pipe (https://unix.stackexchange.com/a/248261).

• When direct I/O may fail: https://stackoverflow.com/questions/13115819/reasons-for-direct-io-failure.

• Also: https://superuser.com/a/793003.

• PS. A nice thread on AES encryption modes https://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb.

Src | Discussion

https://gist.github.com/vpag/8ffa730c86dc766fe3566d91d5a7da72