On Sat, Feb 19, 2011 at 09:46:04AM -0700, Nicolas Bock wrote: > > > On 02/18/11 13:07, Arno Wagner wrote: > > (I use plain dm-crypt > >>> with a random password and overwrite with conventional, > >>> mt19997-generated randomness). > > > Why use random data to overwrite? Shouldn't /dev/zero be enough since > the crypto should produce good randomness on disk? It is only marginally slower this way and there may be issues with initialisation vectors in disk encryption. There are no that I know of with the current cryptsetup defaults. This is just a very cheap additional layer of protection. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
