If you put an encrypted volume on a blank disk, anybody getting
access to the raw disk can tell where (which sectors) data was
written to. That can represent a hidden channel that leaks
information.

Arno

On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> I've been curious about the random data step for a while. I created an
> array made up of dm-crypted disks but I didn't do this step. The disks did
> have some data on them but not necessarily random data. What is the
> functional purpose of writing random data to the disk prior to encrypting
> them? Does the encryption process use existing data from the disk as part
> of its encryption method? What would happen if dm-crypt was used on a
> completely blank disk?
>
> Thanks,
>
> Steve
>
>
> On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
>
> > First, I presume this is about wiping the raw volume with
> > cryptographically strong randomness, or wiping the new
> > encrypted volume with anything (e.g. zeros). These two come
> > down to the same effect on the raw volume.
> >
> > Erasing is not recommended to remove any data that was there
> > before (if you want that, you must erase, but it is a separate
> > thing). Erasing is recommended to make it non-transparent where
> > data was written in the encrypted volume. If you care, then you
> > need to erase.
> >
> > Arno
> >
> > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > If I want to create an encrypted volume, over a disk drive where there
> > > were no sensible data or there was another encrypted volume, can I skip
> > > the erasing procedure or will it compromise the security of the new
> > > encrypted volume?
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@xxxxxxxx
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
> > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. - Plato
>
>
> --
> ________________________________________________________________
>  Steve Cousins             Supercomputer Engineer/Administrator
>  Advanced Computing Group            University of Maine System
>  244 Neville Hall (UMS Data Center)              (207) 561-3574
>  Orono ME 04469                      steve.cousins at maine.edu
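
Added example, not part of the original thread: a Python sketch of the usage-pattern leak discussed above, comparing a blank raw disk with one pre-filled with randomness. The in-memory bytearray standing in for the disk, os.urandom output standing in for dm-crypt ciphertext, the 512-byte sector size and all function names are assumptions made for this illustration.

```python
import os

SECTOR = 512  # assumed sector size for this sketch


def make_disk(sectors, prefill_random):
    """Return a bytearray standing in for the raw disk (constructed sample)."""
    if prefill_random:
        return bytearray(os.urandom(sectors * SECTOR))  # wiped with randomness
    return bytearray(sectors * SECTOR)                  # blank disk: all zeros


def write_ciphertext(disk, sector_numbers):
    """Simulate the encrypted volume writing to the given sectors.

    Ciphertext is modelled as random bytes, which is how it appears
    to someone who only sees the raw disk.
    """
    for n in sector_numbers:
        disk[n * SECTOR:(n + 1) * SECTOR] = os.urandom(SECTOR)


def looks_written(sector):
    """A sector with many distinct byte values looks like ciphertext.

    512 random bytes contain about 220 distinct values; an all-zero
    sector contains exactly one.
    """
    return len(set(sector)) > 128


def usage_map(disk):
    """Sector numbers that appear to hold ciphertext, judged from the raw disk."""
    count = len(disk) // SECTOR
    return [n for n in range(count)
            if looks_written(disk[n * SECTOR:(n + 1) * SECTOR])]


def compare(sectors=64, written=(3, 4, 5, 40, 41)):
    """Return the usage maps for a blank disk and for a pre-wiped disk."""
    blank = make_disk(sectors, prefill_random=False)
    wiped = make_disk(sectors, prefill_random=True)
    write_ciphertext(blank, written)
    write_ciphertext(wiped, written)
    return usage_map(blank), usage_map(wiped)


if __name__ == "__main__":
    blank_map, wiped_map = compare()
    print("blank disk, sectors that look written:", blank_map)
    print("wiped disk, sectors that look written:", len(wiped_map), "of 64")
```

On the blank disk the map is exactly the set of sectors the volume wrote to; on the pre-wiped disk every sector looks the same, so the map says nothing about where data lives.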