Re: Is erasing hard disk drive mandatory?

If you do this right (zero wipe within the opened encrypted 
container, as described in FAQ Item 2.19), then you can decrypt 
this data to zeros.

Unfortunately, given the frequency that people ask about "hidden
encrypted volumes" here and are completely unaware of the danger 
they put themselves in, I think educating people about this risk
is a lost cause.

Arno

On Fri, May 30, 2014 at 21:03:08 CEST, Laurence Darby wrote:
> 
> You're all missing a very important point.  Have a read of
> http://embeddedsw.net/doc/physical_coercion.txt (a reference on
> http://en.wikipedia.org/wiki/Deniable_encryption) and think about if
> you want some random data at the end of your drive that you can't
> decrypt.
> 
> -- 
> Laurence
> 
> 
> 
> Thomas Bastiani wrote:
> 
> > On 05/30/14 18:47, Heinz Diehl wrote:
> > > On 30.05.2014, Thomas Bastiani wrote: 
> > > 
> > >> It may be that files that you create and then delete will trigger 
> > >> a TRIM operation if dm-crypt (and
> > >> eventually LVM) are configured to pass TRIM through. But the rest of
> > >> your "securely erased" drive is still not TRIM-ed.
> > > 
> > > As far as I know, mkfs discards blocks while creating the filesystem.
> > > So your device should be "overwritten" at that stage of the process?
> > > 
> > 
> > Oh cool. I had no idea. So then it would make the whole dd operation
> > useless if you pass --allow-discards to cryptsetup.
> > 
> > --
> > Thomas
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@xxxxxxxx
> > http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato