On Tue, Jul 10, 2001 at 10:38:00PM +0200, peter k. wrote:
> 1) if an attacker has got some files which are on an (AES) encrypted device,
> will he be able to decrypt the whole device?

It might help slightly, i.e. Known Plaintext Attack, but probably not a lot.

> 2) is it a good idea to run "cat /dev/zero > zero.file; shred -uv zero.file"
> on (AES) encrypted devices to overwrite all free space with random data [to
> remove any encrypted data which is left from deleted files from the device
> behind the loopback device and confuse attackers]?

Depends on your paranoia level. If you think your key was compromised
you might do something like this; I don't see why you'd zero before
shredding. Personally I prefer wipe. Slow, but fairly certain.

In the past I zeroed my loopbacks; but I like the idea of using
/dev/random for the job... although the thought of doing that over
10-20GB gives me thoughts of going on vacation for 2 weeks while
it runs.

> the brackets in "(AES)" mean that i'd like to know if the answer applies to
> AES only or also other cyphers (i guess so?)

Depends on the size of the keyspace. I imagine you get more information
from a known plaintext attack if the keyspace is smaller, i.e. as in
DES-56 or other low quality cipher.

--
------------------------------------------------------
    Use Linux: A computer        Dale Amon, CEO/MD
    is a terrible thing          Village Networking Ltd
    to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
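
The free-space overwrite discussed in this thread, as an added example that is not part of the original messages: a POSIX shell function that fills a mounted filesystem with random data, flushes it to the backing device before deleting the fill file, and cleans up if interrupted. The function name `fill_free_space` and its optional size cap are assumptions of this example, and it reads /dev/urandom rather than the /dev/random mentioned above, because /dev/random can block on older kernels.

```shell
#!/bin/sh
# Added example (not from the thread): overwrite the free space of a mounted
# filesystem with random data written through the encryption layer.
#
# fill_free_space DIR [CAP_MIB]
#   DIR      mount point of the filesystem on the encrypted loop device
#   CAP_MIB  optional cap in MiB for trial runs; omit to fill until the
#            filesystem reports "No space left on device"
# Prints the number of bytes written; returns 2 on a bad DIR.
fill_free_space() {
    dir=$1
    cap_mib=${2:-}

    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "not a writable directory: $dir" >&2
        return 2
    fi

    fill=$(mktemp "$dir/fill.XXXXXX") || return 2

    # Remove the fill file if interrupted, so the disk is not left full.
    trap 'rm -f "$fill"; exit 130' INT TERM HUP

    if [ -n "$cap_mib" ]; then
        head -c "$((cap_mib * 1048576))" /dev/urandom > "$fill"
    else
        # cat is expected to stop with ENOSPC once the free space is used up.
        cat /dev/urandom > "$fill" 2>/dev/null || true
    fi

    # Flush before unlinking: data still sitting only in the page cache when
    # the file is deleted may never be written to the backing device.
    sync

    written=$(wc -c < "$fill" | tr -d ' ')
    rm -f "$fill"
    trap - INT TERM HUP
    echo "$written"
}
```

Run without a cap as root on the mounted encrypted filesystem to cover all free blocks; blocks reserved by the filesystem and slack space inside existing files are not reached by this method.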