Yes, it will overwrite the header and potential free space after the
header up to the first sector of encrypted data.
Does this seem so weird?
Regards
-Sven
Am 10.02.2016 um 21:02 schrieb Michael Kjörling:
On 10 Feb 2016 20:21 +0100, from arno@xxxxxxxxxxx (Arno Wagner):
On Wed, Feb 10, 2016 at 20:13:15 CET, Subscriptions wrote:
dd if=/dev/urandom of=/dev/sda1 bs=512 count=8
That will have killed the header, not the key-slots. As the
header contains an unguessable salt, this is already pretty
secure.
To also kill the keyslots, run something like
dd if=/dev/urandom of=/dev/sda1 bs=512 count=4096
if you have "Payload offset: 4096". Or run
Out of curiosity; are you saying that for a given, known, _specific_
LUKS container, the first "payload offset" × 512 bytes is what we need
to overwrite if we want to securely erase the entire LUKS header on
that container without collateral damage? (Leaving the encrypted data
untouched.)
Let's ignore here the issue of "overwriting" _anything at all_ on SSDs
and SSHDs.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
