Michael Schmidt wrote:
Hi,
the on-line LUKS documentation recommends for crypto-analytic reasons to
initialize any partition that is to becom encrypted by LUKS to be initialized
with random data (from: http://www.saout.de/tikiwiki/tiki-index.php?
page=EncryptedDeviceUsingLUKS):
Note : if you want your encryption to defeat a full cryptoanalytic attack, not
just casual snooping, you need to fill the disk with high quality random data.
Badblocks below justs uses 'libc' random(), but is fast (your limitation will
be disk speed, not CPU speed). /dev/urandom is better (takes about 5 minutes
per gigabyte on my system), /dev/random is best (takes about 1 year per
gigabyte on my system, much too slow!).
What's the very reason for it (besides eliminating any left-over plaintext
data)? Is there any scientific papaer or reference backing this up?
Thanks in advance,
Michael
Two different issues:
1. Filling the disk with random data obfuscates the difference between
data that has been encrypted (which is in theory random) and data that
has not been encrypted, which will not be random.
In other words, you are in effect hiding any boundaries between cipher
text and clear text. This makes it more difficult for an attacker to
distinguish the two and also to potentially have both cipher text and
clear text for the same data, aiding in an attack.
2. Simply filling the disk with random data does NOT sufficiently
overwrite old data to the point of no longer being recoverable.
This is basic electromagnetics. See information on data remanance, such as:
http://en.wikipedia.org/wiki/Data_remanence
and many others.
HTH,
Marc Schwartz
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
