Hey Milan,

On 19/02/2011 Milan Broz wrote:
> On 02/19/2011 05:46 PM, Nicolas Bock wrote:
> > Why use random data to overwrite? Shouldn't /dev/zero be enough since
> > the crypto should produce good randomness on disk?
>
> Then you can distinguish between used blocks ("random noise") and
> unused blocks (which remain zeroed).
>
> So filling with zero guarantees that old data are wiped, but also
> leaks info about which blocks were overwritten later.

If I got Arno right, he first sets up a plain dm-crypt device for the to-be-encrypted partition, and then fills the encrypted device with random data. In this case it should be enough to fill the encrypted device with zeros, shouldn't it?

> Question: Is it a good idea to add a "wipe" option to cryptsetup luksFormat?
>
> So it optionally can wipe all the space with random data?
> (probably using some fast RNG provided by the crypto backend, or by
> encrypting zero data with the same algorithm as in luksFormat
> but using a one-time random key)
>
> If so, I'll add this to my todo list.

I think that would be a great new feature; it eases secure setups for users.

greetings,
jonas
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
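The procedure discussed above (map the partition as a plain dm-crypt device under a one-time key from /dev/urandom, zero-fill through the mapping so the disk ends up holding ciphertext that is indistinguishable from random, then luksFormat), written out as a script. This is an added example, not code from the thread or from cryptsetup itself. It assumes a cryptsetup that accepts the `open --type plain` syntax (newer than the 2011 thread), GNU dd, blockdev and cmp, findmnt from util-linux, and root; the `wipe-` mapping name prefix and the function names are this script's own convention.

```shell
#!/bin/sh
# Added example (not from the dm-crypt thread): zero-fill a partition through
# a throw-away plain dm-crypt mapping keyed from /dev/urandom, verify the
# fill, then run luksFormat on the now random-looking device.
#
# Assumptions (not stated in the thread): cryptsetup with "open --type plain",
# GNU coreutils (dd, blockdev), GNU cmp, util-linux findmnt, root privileges.
set -eu

# Name of the temporary plain mapping for a device, e.g. /dev/sdb2 -> wipe-sdb2.
mapping_name() {
    printf 'wipe-%s\n' "$(basename "$1")"
}

# Refuse to run unless we are root, the target is a block device and it is
# not currently mounted anywhere.
check_device() {
    dev=$1
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if findmnt -rn -S "$dev" >/dev/null 2>&1; then
        echo "$dev is mounted; refusing to wipe" >&2
        return 1
    fi
}

# Step 1: map the raw partition with a one-time random key (64 bytes read
# from /dev/urandom, never stored) and write zeros through the mapping.
# What lands on disk is AES-XTS ciphertext of zeros under a key nobody keeps,
# so it carries no marker of which blocks the later LUKS volume will use.
zero_fill_via_plain() {
    dev=$1
    name=$(mapping_name "$dev")
    cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 \
        --key-file /dev/urandom "$dev" "$name"
    size=$(blockdev --getsize64 "/dev/mapper/$name")
    # dd exits non-zero with "No space left on device" once the whole mapping
    # is written; that is the expected end of the fill, so do not abort on it.
    dd if=/dev/zero of="/dev/mapper/$name" bs=1M 2>/dev/null || true
    sync
    # Check through the mapping that every byte decrypts to zero, i.e. the
    # fill really covered the whole device (this reads it back once).
    cmp -n "$size" /dev/zero "/dev/mapper/$name"
    cryptsetup close "$name"
}

# Step 2: create the LUKS header and key slots on the wiped device.
# luksFormat prompts for the passphrase interactively.
format_luks() {
    cryptsetup luksFormat "$1"
}

wipe_and_format() {
    dev=$1
    check_device "$dev"
    printf 'This destroys ALL data on %s. Type YES to continue: ' "$dev"
    read -r answer
    [ "$answer" = "YES" ] || { echo "aborted" >&2; return 1; }
    zero_fill_via_plain "$dev"
    format_luks "$dev"
}

if [ "$#" -gt 0 ]; then
    wipe_and_format "$1"
else
    echo "usage: $0 /dev/sdXN   (wipes the partition, then runs luksFormat)" >&2
fi
```

The cmp step reads the whole device back, so it roughly doubles the run time; it is there to catch a short write before the random-looking state is relied on. The LUKS header written afterwards overwrites only the start of the device, so everything beyond it stays as the unkeyed ciphertext produced in step 1.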