----- Original Message ----- From: "Dale Amon" <amon@xxxxxxx> To: <linux-crypto@xxxxxxxxxxxx> Sent: Wednesday, July 11, 2001 11:47 AM Subject: Re: (AES) loopback crypto questions > On Tue, Jul 10, 2001 at 10:38:00PM +0200, peter k. wrote: > > 1) if an attacker has got some files which are on an (AES) encrypted device, > > will he be able to decrypt the whole device? > > It might help slightly, ie Known Plaintext Attack, but probably not a lot. > > > 2) is it a good idea to run "cat /dev/zero > zero.file; shred -uv zero.file" > > on (AES) encrypted devices to overwrite all free space with random data [to > > remove any encrypted data which is left from deleted files from the device > > behind the loopback device and confuse attackers]? > > Depends on your paranoia level. If you think your key was compromised > you might do something like this; I don't see why'd you zero before > shredding. Personally I prefer wipe. Slow, but fairly certain. the cat /dev/zero is only used to get a file which is as big as the left freespace on the device, i could also have used "cat /dev/urandom > random.file; rm -f random.file" without shred but shred is much faster than cat /dev/urandom ;) > In the passed I zeroed my loopbacks; but I like the idea of using /dev/random > for the job... although the thought of doing that over 10-20GB gives me > thoughts of going on vacation for 2 weeks while it runs. isnt overwriting it with zero dangerous? or at least worse than random? > > the brackets in "(AES)" mean that i'd like to know if the answer applies to > > AES only or also other cyphers (i guess so?) > > Depends on the size of the keyspace. I imagine you get more > information from a known plaintext attack if the keyspace is > smaller, ie as in DES-56 or other low quality cipher. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
