At Mon, 31 Aug 2009 06:50:39 -0400, test532@xxxxxxxxxxxxxxxx wrote:

Thanks for your polite explanations so far!

> Because the point of filling with random data is to eliminate the possibility
> of being able to tell where real data is stored.

Yes, that's clear.

> If the random data is cracked by using a known plaintext attack, then the
> benefit of having this random data is nullified.

To crack the random data, the attacker must be able to distinguish them from the "real" data. As far as I know, if the key after a nullifying action via dmcrypt is wiped, the disk is filled with pseudorandom data and ciphertext of the real data.

For a known plaintext attack to work, one must have the plaintext and the corresponding block of ciphertext resulting from encrypting this plaintext, but that is not possible in this scenario. No one can distinguish between the real ciphertext (encrypted by a wholly different key) and the filling with zeroes. The aim of a known plaintext attack is to find the key, but it has been irrevocably wiped, and the real text is encrypted by a totally different key, in fact.

Sorry, but I cannot see at all how a procedure which uses /dev/zero and dmcrypt to fill a partition with pseudorandom data could weaken the whole encryption / reduce the time for an attack on the real ciphertext at all.

Besides, AES is not vulnerable to known plaintext attacks, as far as I know.
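
The fill procedure discussed in this message, as an added example that is not part of the original post: `openssl enc` in AES-256-CTR mode stands in for the dm-crypt mapping and a regular file stands in for the partition (both assumptions, as are the function names), so it runs without root. It encrypts zeros under a key that is discarded immediately, then reports the size, the number of non-zero bytes, and whether two runs differ.

```shell
#!/bin/sh
# Added example: zero-fill through AES with a throwaway key.
# openssl plays the cipher layer and a regular file plays the partition;
# fill_pseudorandom, nonzero_bytes and demo are illustrative names.

# fill_pseudorandom TARGET BYTES
# Writes BYTES zero bytes, encrypted under a one-time key, to TARGET.
fill_pseudorandom() {
    target=$1
    bytes=$2
    key=$(openssl rand -hex 32) || return 1   # 256-bit one-time key
    iv=$(openssl rand -hex 16) || return 1    # 128-bit initial counter block
    # With -K/-iv given explicitly no salt header is written, and CTR mode
    # adds no padding, so the output is exactly BYTES long.
    head -c "$bytes" /dev/zero |
        openssl enc -aes-256-ctr -K "$key" -iv "$iv" -out "$target" || return 1
    unset key iv   # forget the key; it was never written to TARGET
}

# nonzero_bytes FILE
# Prints how many bytes of FILE are not 0x00.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# demo
# Fills two constructed 64 KiB images and prints what an observer can see.
demo() {
    dir=$(mktemp -d) || return 1
    fill_pseudorandom "$dir/a.img" 65536 || return 1
    fill_pseudorandom "$dir/b.img" 65536 || return 1
    echo "size:     $(wc -c < "$dir/a.img" | tr -d ' ')"
    echo "non-zero: $(nonzero_bytes "$dir/a.img")"
    if cmp -s "$dir/a.img" "$dir/b.img"; then
        echo "runs identical"
    else
        echo "runs differ"
    fi
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the output; the key is passed on the `openssl` command line here, which the kernel-side dm-crypt mapping does not do.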