Because the point of filling with random data is to eliminate the possibility of being able to tell where real data is stored. If the random data is cracked by using a known plaintext attack, then the benefit of having this random data is nullified. Kerckhoff's principle should be called Kerckhoff's Ideal, as it is ideal, but doesn't mean that AES matches that ideal. If AES was guaranteed to meet that ideal, then there would be no point in pre-filling in with random data. Since we cannot be guaranteed that AES matches Kerckhoff's ideal, it is safer to eliminate as many avenues of attack as we can, as some of those avenues may be vulnerable ones for AES for all we know.

Sam

> On 31.08.2009, test532@xxxxxxxxxxxxxxxx wrote:
> > I agree with Rick that one should use /dev/urandom (instead of
> > encryption) due to the enabling of known plaintext attacks
>
> Known plaintext attacks on what? On a bunch of zeroes?
>
> After overwriting the whole partition using dmcrypt via /dev/zero, the
> random key used will be deleted irrevocably, and the partition gets a brand
> new setup of LUKS/dmcrypt, and it gets partially filled with "real" data.
> You haven't even to use the same algorithm, hash or whatever. How should
> this lead to a significantly better situation to attack the
> key/ciphertext?
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt