Hi, Am 14.07.2011 18:52, schrieb Milan Broz: > But if you fill disk by random and someone later run fstrim while > device was mounted, it will uncover various patterns there. This is new problem. > > I am almost sure that filesystem type could be detected from ciphertext device > by using non-discarded block pattern analysis. What else depends on situation. I agree on that. But then again, just guessing the filesystem would probably be easier (I guess that most people use ext3/4). And you could even look at the content of the initrd to see which filesystem is used for /, for example. I was thinking that perhaps you can guess some of the metadata of the filesystem (free-block list etc.), but as far as I known there are no relevant known-plaintext attacks on AES, so I'd be willing to take that risk. > If you have some analysis what is possible to recover, please post it to the list, > it could be very interesting. No, unfortunately I have never heard of such an analysis, that's why I was asking. Greetings, Philipp _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
