On Wed, Nov 21, 2007 at 08:08:22AM +0930, Roscoe wrote: > My two cents: > > If all you're doing is > > dd if=/dev/zero of=/image.img bs=8M count=4000 > losetup /dev/loop0 /image.img > cryptsetup luksFormat /dev/loop0 > cryptsetup luksOpen /dev/loop0 encryptedimage > mkfs /dev/mapper/encryptedimage right > Then I would say it makes no difference to security if you use a > sparse file or not. > > An attacker might be able to guess a few things in either case about > the nature of your encypyted data, perhaps the filesystem you used, > how full it is etc...By looking at the size and distribution of the > ciphertext. > (eg: if you were to fill your encrypted filesystem with 20GB of files, > one would be able to see there was 20GB of ciphertext) > > > By using a sparse file you risk it getting fragmented and having a > performance hit, no idea if that's significant :) Hmm, correct, I had forgotten about that. I will have to keep an eye on the performance numbers indeed. Thanks! --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
