Hi all,

I just wanted to post back with some thoughts and hopefully a helpful
clarification, given some of the discussion on this thread.

There are two (at least) issues here:

1. The pre-writing of random data prior to setting up a LUKS protected
partition. In the words of more than one entry in the wiki:
"It's good to fill an encrypted disk with initial random data."

2. The wiping of old data "in the clear" prior to setting up a LUKS
protected partition to preclude its recovery. __This is NOT generally
covered in the wiki setup entries.__

In the first case, one is writing (in a single pass) an underlying
random pattern of data to the partition to make it more difficult (but
perhaps not impossible) to discern what is random noise versus what is
encrypted data. In an ideal world, the two should be indistinguishable
under reasonable cryptanalysis.

Thus, there is less information available to a prospective attacker
relative to certain types of attacks on the ciphertext in the absence of
the passphrase and key.

In the second case, one or two passes of random data are not sufficient
to preclude the possibility of a well-equipped forensic attacker from
being able to recover what was presumed to be overwritten data that was
in the clear.

More information is here:

http://en.wikipedia.org/wiki/Data_remanence

Most commonly used disk wiping software will implement 1 or all 3
typical types of wiping:

1. DoD Spec 5220.22-M (http://en.wikipedia.org/wiki/DOD_5220.22-M) which
involves 3 passes of writing 0's, then 1's and then random data to cover
underlying bit patterns. Finally, a read verification pass is performed.

2. A "Long DoD" cycle of 9 passes. This is 7 alternating passes of 0's
then 1's, followed by a random cycle and then a read verification cycle.

3. The "Gutmann" Method (http://en.wikipedia.org/wiki/Gutmann_method)
which involves 35 cycles. Yeah...35 cycles....but one should note the
caveats for this method.

So the bottom line is that even one or two passes of random (even
"purely" random) data are not sufficient if the intention is to wipe old
data in the clear from a drive. And...even the above methods are not
absolute guarantees from well-financed and well-equipped attackers (i.e.
TLAs).

A good product to consider here is Darik's Boot and Nuke:

http://dban.sourceforge.net/

Note that the regular DoD spec can take several hours even for fast
drives of a reasonable size.

The "Long DoD" spec, well...much longer.

The Gutmann method can take _days_.

HTH,

Marc Schwartz
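
To illustrate the first point in the message above (pre-filling the partition with random data), here is an added example that is not part of the original post: it builds a small constructed partition image and lists the blocks whose byte entropy looks like ciphertext. SHAKE-256 output stands in for both the random fill and the encrypted data (an assumption), and every name in it is hypothetical.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096                 # bytes per block in the constructed image
N_BLOCKS = 32                # constructed image size, in blocks
USED = {3, 4, 5, 20, 21}     # constructed: blocks the encrypted volume has written


def prng(seed: bytes, n: int) -> bytes:
    # Deterministic stand-in for random fill and for ciphertext. Assumption:
    # output of a sound cipher is indistinguishable from random bytes.
    return hashlib.shake_256(seed).digest(n)


def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 at most."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def build_image(prefill: str, n_blocks: int, used: set) -> bytes:
    """Constructed partition: `used` blocks hold stand-in ciphertext, the
    rest hold whatever the partition was pre-filled with."""
    out = []
    for i in range(n_blocks):
        if i in used:
            out.append(prng(b"ciphertext-%d" % i, BLOCK))
        elif prefill == "random":
            out.append(prng(b"prefill-%d" % i, BLOCK))
        else:
            out.append(bytes(BLOCK))  # zero-filled, never written
    return b"".join(out)


def high_entropy_blocks(image: bytes, threshold: float = 7.5) -> list:
    """Indexes of blocks that look like random data or ciphertext."""
    return [off // BLOCK for off in range(0, len(image), BLOCK)
            if entropy(image[off:off + BLOCK]) >= threshold]


if __name__ == "__main__":
    for prefill in ("zero", "random"):
        hits = high_entropy_blocks(build_image(prefill, N_BLOCKS, USED))
        print(f"{prefill:>6} pre-fill: {len(hits)} of {N_BLOCKS} blocks "
              f"look like ciphertext: {hits}")
```

With a zero pre-fill the flagged blocks are exactly the written ones, so the layout and amount of encrypted data are visible without the key; with a random pre-fill every block is flagged and the written ones no longer stand out.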