Re: Random fill

On Sun, 30 Aug 2009 16:28:57 +0200 Heinz Diehl <htd@xxxxxxxxxxxxxxxxx> wrote:

> At Sun, 30 Aug 2009 16:07:22 +0200,
> Rick Moritz wrote:
> 
> > > Btw: why do you want to overwrite the entire partition? In my eyes, this is
> > > some kind of rocket science and makes no sense, considering Kerckhoff's law.
>  
> > It is useful to create random data on the partition in order to hide which
> > sectors contain encrypted data and which don't - this makes attacks much harder.
> 
> In my opinion, if the encryption is considered secure it doesn't mind if the attacker is
> able to distinguish the ciphertext from the rest or not. The logical
> consequence of this would be that "wiping" a disk by writing random data on it is
> nothing but a complete waste of time.
> 
> http://en.wikipedia.org/wiki/Kerckhoffs%27_principle

Of course, that holds, if we assume encryption to be secure. But that is a theoretical construct. Given time and resources NO encryption is secure - therefore it is only reasonable to take any additional matters that enhance security. This is especially advised if the cost to gain ratio is reasonably high. Keeping the number of attack vectors low strengthens the implementation of the cryptographic algorithm.
Additionally, if LUKS is not used this provides some degree of plausible deniability. I maintain a disk-full of random data to do intrusion testing on network services.
On the other hand, if you can mathematically/logically prove that dm-crypt + LUKS is secure, I will readily concede that you are correct. ;)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
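
An added illustration of the point debated in this thread (not code from any poster or from dm-crypt): a per-sector entropy scan over a constructed disk image, showing that written ciphertext sectors stand out against a zeroed device and blend in after a random fill. The 512-byte sector size, the SHA-256 counter stream standing in for both ciphertext and random fill, the 7.0 bits/byte threshold and the sector layout are all assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumed sector size for this constructed image


def keystream(label: bytes, n: int) -> bytes:
    """Deterministic stand-in for ciphertext or random fill (SHA-256 in counter mode)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(label + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def build_image(sectors: int, used: set, prefill: bool) -> bytes:
    """Constructed image: 'used' sectors hold ciphertext, the rest zeros or random fill."""
    img = bytearray()
    for i in range(sectors):
        if i in used:
            img += keystream(b"ciphertext-%d" % i, SECTOR)
        elif prefill:
            img += keystream(b"fill-%d" % i, SECTOR)
        else:
            img += bytes(SECTOR)  # never-written sector on a zeroed device
    return bytes(img)


def high_entropy_sectors(image: bytes, threshold: float = 7.0) -> set:
    """Sector indexes whose content is statistically indistinguishable from random."""
    return {i for i in range(len(image) // SECTOR)
            if entropy(image[i * SECTOR:(i + 1) * SECTOR]) >= threshold}


USED = {3, 4, 5, 20, 41, 42}  # constructed layout of written sectors

if __name__ == "__main__":
    for prefill in (False, True):
        flagged = high_entropy_sectors(build_image(64, USED, prefill))
        print(f"prefill={prefill}: {len(flagged)} of 64 sectors look random; "
              f"written sectors recoverable: {flagged == USED}")
```
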
