On 02/19/11 11:17, Jonas Meurer wrote:
> Hey Milan,
>
> On 19/02/2011 Milan Broz wrote:
>> On 02/19/2011 05:46 PM, Nicolas Bock wrote:
>>> Why use random data to overwrite? Shouldn't /dev/zero be enough since
>>> the crypto should produce good randomness on disk?
>>
>> Then you can distinguish between used blocks ("random noise") and
>> unused blocks (remains zeroed).
>>
>> So filling with zero guarantees that old data are wiped, but also
>> leaks info which blocks were overwritten later.
>
> If I got Arno right, he first sets up a plain dm-crypt device for the
> to-be-encrypted partition, and then fills the encrypted device with
> random data. In this case it should be enough to fill the encrypted
> device with zeros, shouldn't it?

That's how I understood Arno's email too. The zeros will be written as
"random noise" to disk since they go through the cipher first. I could
see though that the extra paranoid would use a random source :)

nick

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
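
Added example, not part of the original thread: a small Python check of the distinction discussed above. It maps runs of all-zero sectors in a raw image, which is what exposes unused space when a disk is zeroed directly instead of through the dm-crypt mapping. The 512-byte sector size, the function names and the sample image (os.urandom standing in for ciphertext) are assumptions constructed for illustration.

```python
import os

SECTOR = 512  # assumed sector size in bytes


def zero_runs(image: bytes, sector: int = SECTOR):
    """Return [(first_sector, sector_count), ...] for runs of all-zero sectors."""
    runs, start = [], None
    total = len(image) // sector  # a trailing partial sector is ignored
    zero = bytes(sector)
    for i in range(total):
        if image[i * sector:(i + 1) * sector] == zero:
            if start is None:
                start = i          # a zeroed run begins here
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:          # run extends to the end of the image
        runs.append((start, total - start))
    return runs


def used_fraction(image: bytes, sector: int = SECTOR) -> float:
    """Fraction of sectors that are not all-zero, i.e. visibly written."""
    total = len(image) // sector
    if total == 0:
        return 0.0
    zeroed = sum(count for _, count in zero_runs(image, sector))
    return (total - zeroed) / total


def build_sample(total_sectors: int, written) -> bytes:
    """Constructed sample: a zero-filled raw device where only the sectors
    in `written` were later overwritten with ciphertext (random stand-in)."""
    img = bytearray(total_sectors * SECTOR)
    for s in written:
        img[s * SECTOR:(s + 1) * SECTOR] = os.urandom(SECTOR)
    return bytes(img)


if __name__ == "__main__":
    # Raw disk zeroed first, then four sectors written via the mapping.
    leaky = build_sample(16, [0, 1, 2, 8])
    print("zeroed raw disk :", zero_runs(leaky), used_fraction(leaky))
    # Every sector filled through the mapping: nothing to tell apart.
    filled = build_sample(16, range(16))
    print("filled via crypt:", zero_runs(filled), used_fraction(filled))
```

An empty list from zero_runs on the raw device is the result to expect after a fill performed through the mapping.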