Re: LUKS and LVM

Hey Milan,

On 19/02/2011 Milan Broz wrote:
> On 02/19/2011 05:46 PM, Nicolas Bock wrote:
> > Why use random data to overwrite? Shouldn't /dev/zero be enough since
> > the crypto should produce good randomness on disk?
> 
> Then you can distinguish between used blocks ("random noise") and
> unused blocks (remains zeroed).
> 
> So filling with zero guarantees that old data are wiped, but also
> leaks info which blocks were overwritten later.

If I got Arno right, he first sets up a plain dm-crypt device for the
to-be-encrypted partition, and then fills the encrypted device with
random data. In this case it should be enough to fill the encrypted
device with zeros, shouldn't it?

> Question: Is it a good idea to add "wipe" option to cryptsetup luksFormat?
> 
> So it optionally can wipe all the space with random data?
> (probably using some fast RNG provided by crypto backend or by
> encrypting zero data with the same algorithm as in luksFormat
> but using one-time random key)
> 
> If so, I'll add this to my todo list.

I think that would be a great new feature, it eases secure setups for
users.

greetings,
 jonas
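
Added example, not part of the original message or of cryptsetup: a Python sketch of the two wipe strategies discussed above, showing what someone holding the raw disk can tell afterwards. A SHA-256 counter-mode keystream stands in for the dm-crypt cipher, and the sector size, image size and written sector numbers are constructed for illustration.

```python
import hashlib
import os

SECTOR = 512  # bytes per sector (assumption for this sketch)


def encrypt_sector(key, index, plaintext=bytes(SECTOR)):
    """Stand-in for the dm-crypt cipher: XOR with a per-sector SHA-256
    keystream. With the default all-zero plaintext the output is the
    keystream itself, i.e. "zeros written through the encrypted mapping"."""
    stream = b"".join(
        hashlib.sha256(key + index.to_bytes(8, "little") + bytes([c])).digest()
        for c in range(SECTOR // 32)
    )
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def sectors_visibly_used(image):
    """View of someone holding the raw disk: sectors that are not all-zero."""
    zero = bytes(SECTOR)
    return [
        i for i in range(len(image) // SECTOR)
        if image[i * SECTOR:(i + 1) * SECTOR] != zero
    ]


def demo(n=64, used=(3, 4, 17, 40)):
    volume_key = os.urandom(32)  # key of the real encrypted volume
    wipe_key = os.urandom(32)    # one-time key, thrown away after the wipe

    # Strategy 1: zeros written straight onto the raw partition.
    raw_zero = bytearray(n * SECTOR)
    # Strategy 2: zeros written through an encrypted mapping (one-time key).
    via_mapping = bytearray(
        b"".join(encrypt_sector(wipe_key, i) for i in range(n))
    )

    # Later use of the volume: ciphertext lands only in the 'used' sectors.
    for image in (raw_zero, via_mapping):
        for i in used:
            data = b"constructed file data".ljust(SECTOR, b".")
            image[i * SECTOR:(i + 1) * SECTOR] = encrypt_sector(volume_key, i, data)

    return sectors_visibly_used(raw_zero), sectors_visibly_used(via_mapping)


if __name__ == "__main__":
    leaked, uniform = demo()
    print("raw zero fill reveals used sectors:", leaked)
    print("encrypted zero fill, non-zero sectors:", len(uniform), "of 64")
```

After the raw zero fill the written sectors are exactly the non-zero ones; after the fill through the mapping every sector is non-zero, so this check no longer separates written from unwritten space.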


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
