Hi! Sven Eschenberg writes: > The question I was asking myself is: Let's assume an adversary has the > knowledge, that a) you just grew a volume, b), you used the method > with dummyfiles fed from /dev/zero. > Now if the Adversary arbitarily reads a set of sectors from the > freshly added area, does the knowledge, that all the blocks actually > equal zeros in cleartext, give the adversary an opportunity to break > the key more easily? I would think that zeros are quite common anyway. One can always try to attack on the assumption that there are a lot of zeros on the original disk. So writing zeros should be reasonably safe, I think, because the disk encryption should be strong enough to withstand such an attack anyway. > Would it be better to fill those dummyfiles from /dev/urandom as usual? Sure, you take away an attack vector by this. In practice, the encryption should be strong enough to withstand /dev/null clearing, and it is much faster (at least on my machine, using /dev/urandom for disk randomisation is absolutely no fun). But /dev/zero is definitely not for paranoids, so if your dressing style involves a lot of tin foil, better use /dev/urandom to create the dummy files. Seriously, you could improve easily by copying large files (mp3, avi, zip, tgz, etc. don't contain much redundancy) until the disk is full. That's very fast, too. **Henrik --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
