On 10 Feb 2016 20:21 +0100, from arno@xxxxxxxxxxx (Arno Wagner): > On Wed, Feb 10, 2016 at 20:13:15 CET, Subscriptions wrote: >> dd if=/dev/urandom of=/dev/sda1 bs=512 count=8 > > That will have killed the header, not the key-slots. As the > header contains an unguessable salt, this is already pretty > secure. > > To also kill the keyslots, run something like > > dd if=/dev/urandom of=/dev/sda1 bs=512 count=4096 > > if you have "Payload offset: 4096". Or run Out of curiosity; are you saying that for a given, known, _specific_ LUKS container, the first "payload offset" × 512 bytes is what we need to overwrite if we want to securely erase the entire LUKS header on that container without collateral damage? (Leaving the encrypted data untouched.) Let's ignore here the issue of "overwriting" _anything at all_ on SSDs and SSHDs. -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
