I've been curious about the random data step for a while. I created an array made up of dm-crypted disks but I didn't do this step. The disks did have some data on them but not necessarily random data. What is the functional purpose of writing random data to the disk prior to encrypting them? Does the encryption process use existing data from the disk as part of its encryption method? What would happen if dm-crypt was used on a completely blank disk?
Thanks,
Steve
On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
First, I presume this is about wiping the raw volume with
cryptographically strong randomness, or wiping the new
encrypted volume with anything (e.g. zeros). These two come
down to the same effect on the raw volume.
Erasing is not recommended to remove any data that was there
before (if you want that, you must erase, but it is a separate
thing). Erasing is recommended to make it non-transparent where
data was written in the encrypted volume. If you care, then you
need to erase.
Arno
> _______________________________________________
On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> If I want to create an encrypted volume, over a disk drive where there
> were no sensible data or there was another encrypted volume, can I skip
> the erasing procedure or will it compromise the security of the new encrypted
> volume?
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
________________________________________________________________
Steve Cousins Supercomputer Engineer/Administrator
Advanced Computing Group University of Maine System
244 Neville Hall (UMS Data Center) (207) 561-3574
Orono ME 04469 steve.cousins at maine.edu
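
An added illustration, not part of the thread and not dm-crypt code, of the point in Arno's reply that erasing hides where data was written: on a zero-filled raw volume the sectors that received ciphertext stand out, while on a randomly pre-filled one every sector looks the same. Ciphertext is modelled as random bytes; the sector size, function names and sector numbers are assumptions made for the example.

```python
import os

SECTOR = 512  # bytes per sector (assumed for this illustration)
WRITTEN = [3, 4, 5, 40, 41]  # constructed sample: sectors the filesystem wrote to


def make_volume(sectors, prefill_random):
    """Raw volume: zero-filled (never wiped) or pre-filled with random bytes."""
    fill = os.urandom if prefill_random else bytes
    return bytearray(fill(sectors * SECTOR))


def write_encrypted(volume, sector_numbers):
    """Stand-in for writes through the encrypted mapping: ciphertext is
    modelled as random bytes landing in the given raw sectors."""
    for n in sector_numbers:
        volume[n * SECTOR:(n + 1) * SECTOR] = os.urandom(SECTOR)


def looks_written(sector):
    """Heuristic of someone reading the raw device: a sector with many
    distinct byte values looks like ciphertext, a zeroed one does not."""
    return len(set(sector)) > 64


def usage_map(volume):
    """Sector numbers that an observer of the raw volume would flag as used."""
    return [n for n in range(len(volume) // SECTOR)
            if looks_written(volume[n * SECTOR:(n + 1) * SECTOR])]


def demo(sectors=64):
    """Write the same sectors to a blank and to a wiped volume, then scan both."""
    blank = make_volume(sectors, prefill_random=False)
    wiped = make_volume(sectors, prefill_random=True)
    write_encrypted(blank, WRITTEN)
    write_encrypted(wiped, WRITTEN)
    return usage_map(blank), usage_map(wiped)


if __name__ == "__main__":
    blank_map, wiped_map = demo()
    print("blank volume, flagged sectors:", blank_map)
    print("wiped volume, flagged sectors:", len(wiped_map), "of 64")
```

On the blank volume the scan recovers exactly the written sectors; on the wiped volume it flags all of them, so the layout of real data is no longer visible.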