Is it really critical? What benefit does one gain if one is confident in the security of the symmetric cipher? I personally figure dd if=/dev/zero of=/dev/mapper/home before running mkfs /dev/mapper/home is sufficient (to protect against issue mentioned below). (I don't really know much about file systems, but in my imagination given a zeroed disk if one were to create a dm-crypt encrypted filesystem on it, one would be able to ascertain how full the encrypted partition was (and possibly some vague information about size/number of files?) by looking at what areas of the disk *hadn't* have ciphertext written to them. Of course if there exists sophisticated analysis of the disk surface that can establish when and to what area of a disk writing had taken place then you'd just have to grin and bear that slight information leak.) On 25/05/06, Marc Schwartz <MSchwartz@xxxxxxxxx> wrote: <snip>
1. Unless I am going blind in my middle age, I did not see a step in your HOWTO about prefilling the disk partition with random data. This is Step 1a/b in WOS's wiki entry. Is there a complication when using LVM2 in terms of doing this or is this a missing critical step (perhaps with some differences in process) in the sequence?
</snip> --------------------------------------------------------------------- - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
