On 02/19/2011 05:46 PM, Nicolas Bock wrote:
> Why use random data to overwrite? Shouldn't /dev/zero be enough since
> the crypto should produce good randomness on disk?

Then you can distinguish between used blocks ("random noise") and unused
blocks (remain zeroed).

So filling with zero guarantees that old data are wiped, but also leaks
info about which blocks were overwritten later.

Question: Is it a good idea to add a "wipe" option to cryptsetup luksFormat?
So it optionally can wipe all the space with random data?

(probably using some fast RNG provided by the crypto backend, or by
encrypting zero data with the same algorithm as in luksFormat but using
a one-time random key)

If so, I'll add this to my todo list.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
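
The leak described in this message, as an added simulation that is not part of the original e-mail and is not cryptsetup code: it compares what an observer of the raw device can infer after a zero wipe versus after a wipe made by encrypting zeros under a one-time random key. Assumptions: the SHAKE-256 keystream is a stand-in for the real disk cipher, and the block size, device size, set of used blocks and all function names are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

BLOCK = 4096            # block size of the simulated device (constructed)
NBLOCKS = 64            # device size in blocks (constructed)
USED = {3, 4, 17, 40}   # blocks the filesystem later writes to (constructed)

def keystream(key: bytes, block_no: int) -> bytes:
    # Stand-in cipher: SHAKE-256 keyed per block. Not what dm-crypt uses.
    return hashlib.shake_256(key + block_no.to_bytes(8, "little")).digest(BLOCK)

def wipe_zero() -> bytearray:
    return bytearray(BLOCK * NBLOCKS)

def wipe_encrypted_zeros() -> bytearray:
    # Encrypting zeros under a one-time random key leaves just the keystream.
    one_time_key = os.urandom(32)   # discarded when the function returns
    return bytearray(b"".join(keystream(one_time_key, i) for i in range(NBLOCKS)))

def write_block(dev: bytearray, volume_key: bytes, block_no: int, plaintext: bytes) -> None:
    # Simulates the encrypted volume writing one block of data.
    padded = plaintext.ljust(BLOCK, b"\0")
    ks = keystream(volume_key, block_no)
    dev[block_no * BLOCK:(block_no + 1) * BLOCK] = bytes(p ^ k for p, k in zip(padded, ks))

def entropy(block: bytes) -> float:
    # Shannon entropy in bits per byte: 0 for a constant fill, near 8 for ciphertext.
    counts = Counter(block)
    return -sum(c / len(block) * math.log2(c / len(block)) for c in counts.values())

def blocks_that_look_written(dev: bytearray) -> set:
    # What someone holding only the raw device can infer, without any key.
    return {i for i in range(NBLOCKS)
            if entropy(dev[i * BLOCK:(i + 1) * BLOCK]) > 7.0}

def simulate(wipe) -> set:
    dev = wipe()
    volume_key = os.urandom(32)
    for b in USED:
        write_block(dev, volume_key, b, b"file data in block %d" % b)
    return blocks_that_look_written(dev)

if __name__ == "__main__":
    print("zero wipe:  ", sorted(simulate(wipe_zero)))
    print("random wipe:", len(simulate(wipe_encrypted_zeros)), "of", NBLOCKS, "blocks")
```

After the zero wipe the observer recovers exactly the set of written blocks; after the encrypted-zeros wipe every block looks written, so the usage pattern is hidden.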