Deskin Miller wrote:
> my question is:
> somebody who knows this technique now knows the plain "data" (or at
> least for a long time huge parts of it) could he get information about
> the master key he else wouldn't have?
This seems to be going after convenience at the expense of security.
Right-- known plaintext attacks, perhaps other weaknesses in the
encryption with just zeros-- to messy to figure out.
So how about this? We do like they suggest with /dev/zero, but we do
it with a randomly-generated key, which has nothing to do with the key
used to actually encrypt data, and furthermore doesn't need to be
remembered: we throw it away after writing the random (encrypted)
data.
yes that, but what I do is copy from another device - not zeros but data
on a disk. Just as fast. Once that's done re-format the luks partition
to get another key for the real data.
Dick
---------------------------------------------------------------------
- http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
