My two cents: If all you're doing is dd if=/dev/zero of=/image.img bs=8M count=4000 losetup /dev/loop0 /image.img cryptsetup luksFormat /dev/loop0 cryptsetup luksOpen /dev/loop0 encryptedimage mkfs /dev/mapper/encryptedimage Then I would say it makes no difference to security if you use a sparse file or not. An attacker might be able to guess a few things in either case about the nature of your encypyted data, perhaps the filesystem you used, how full it is etc...By looking at the size and distribution of the ciphertext. (eg: if you were to fill your encrypted filesystem with 20GB of files, one would be able to see there was 20GB of ciphertext) By using a sparse file you risk it getting fragmented and having a performance hit, no idea if that's significant :) On Nov 21, 2007 2:56 AM, Andreas <ahasenack@xxxxxxxxxxxx> wrote: > Hello, > > I'm creating image files using dd and associating them with a loop > device with losetup (no crypto so far). Then I use cryptsetup on the > loop device. > > Since the image files are rather large (+/- 35Gb), using plain dd takes > a long time (dd if=/dev/zero of=/image.img ...) and renders the machine > quite useless during that time. > > I then tried creating a sparse file instead and it was much faster and > seems to be working well. Are there any bad security implications in > using a sparse file instead of a "full" file, considering I was filling > it with zeroes to begin with? > > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
