On Thu, Oct 24, 2013 at 09:33:47AM +0200, Thomas Martin wrote:
> Hello Arno.
>
> > Encryption does not overwrite your data. If you want that
> > with LUKS or plain dm-crypt, you need to do the overwrite
> > yourself. Some tools, like TrueCrypt, offer you to do
> > this optionally during installation.
> >
> > See also FAQ item 5.3.
>
> My bad, this is actually obvious (I always used shred when I was
> converting my old unsecured machines before encrypting them).
>
> > Yes. See FAQ item 5.3. If you do it for an already created
> > filesystem, you will not reach everything though, that is
> > why the overwrite should be done after crypto-mapping, but
> > before filesystem creation.
> >
> > Arno
>
> Good point, I was looking to avoid insecurities by disabling TRIM but
> I didn't understand that this insecurity was "by default" even
> without TRIM (as I didn't fill the LUKS container).
>
> Thanks a lot Arno, this is a lot more understandable for me now.

You are welcome. SSDs are still a security risk with regard
to some features, namely erasing old data, changing passphrases
and securely erasing a LUKS container, see FAQ Item 5.19.
If you understand these issues and accept the associated risks,
encryption on SSDs is still a lot more secure than no encryption.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
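
The ordering discussed in the thread (crypto-mapping first, then the overwrite, then filesystem creation), written out as an added example that is not part of the original messages. The device path, the mapping name, the `run` and `prepare_container` helpers, the `DRY_RUN` switch and the choice of ext4 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set up a LUKS container so that old plaintext in the
# data area is overwritten before any filesystem exists on it.
# DEV, NAME and mkfs.ext4 are assumptions; luksFormat destroys DEV's contents.

# With DRY_RUN set, print each command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

prepare_container() {
    dev=$1
    name=$2
    [ -n "$dev" ] && [ -n "$name" ] || {
        echo "usage: prepare_container DEVICE MAPPING_NAME" >&2
        return 2
    }
    # 1. Create the LUKS header and open the mapping (both prompt interactively).
    run cryptsetup luksFormat "$dev" || return 1
    run cryptsetup luksOpen "$dev" "$name" || return 1
    # 2. Overwrite THROUGH the mapping: the zeros reach the disk as ciphertext
    #    and cover the whole data area, which a later filesystem would not.
    #    dd ends with "No space left on device" when the mapping is full;
    #    that is the expected end of the wipe, so its exit status is ignored.
    run dd if=/dev/zero of="/dev/mapper/$name" bs=1M || true
    run sync
    # 3. Only now create the filesystem, then close the mapping again.
    run mkfs.ext4 "/dev/mapper/$name" || {
        run cryptsetup luksClose "$name"
        return 1
    }
    run cryptsetup luksClose "$name"
}

# Nothing happens unless the script is called explicitly, for example:
#   sh prepare.sh --run /dev/sdX1 cryptdata
if [ "${1:-}" = "--run" ]; then
    prepare_container "${2:-}" "${3:-}"
fi
```

On an SSD the overwrite goes through the same flash translation layer as any other write, so the caveats from FAQ item 5.19 mentioned in the reply still apply.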