On Sun, Dec 15, 2019 at 10:51 AM Jordan Glover <Golden_Miller83@xxxxxxxxxxxxx> wrote: > > I think encrypting previously unencrypted data on the same disk > doesn't guarantee that old data won't be recoverable especially > on ssd/nvme which are ubiquitous today. Officially supporting > such case on LUKS will give users false sense of security of > their data. This problem exists even in the backup and restore to LUKS encrypted volume case. In fact it's less reliable because there's no assurance with backup->restore method that all previously occupied LBAs are overwritten, whereas an inplace conversion can assure that all LBAs in the previous range are read and encrypted. It's a matter of implementation, there's the potential for false sense of security regardless. -- Chris Murphy _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
