[19860] in cryptography@c2.net mail archive
methods of filling encrypted disks
daemon@ATHENA.MIT.EDU (Travis H.)
Sat Feb 4 13:09:54 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 4 Feb 2006 01:37:59 -0600
From: "Travis H." <solinym@gmail.com>
To: cryptography@metzdowd.com
So on this page:
http://www.saout.de/tikiwiki/tiki-index.php?page=3DEncryptedDevice
there is a suggestion that people fill the encrypted image of a
dm-crypt target with random data. Why?
I assume this is because making the filesystem on the unencrypted
(upper) layer will only write to a small portion of the overall disk
space. Presumably then the apparently non-random blocks on the
encrypted (lower) layer then represent areas unwritten to on the
unencrypted layer. What else is leaked by not filling the lower layer
with random data before creating and formatting the upper?
I found the suggestion of using /dev/urandom to be far too slow, as it
produces 160 bits of output per SHA-1 computation. I want to know if
the fourth paragraph is correct, that copying /dev/zero to the upper
layer before creating a file system would indeed provide the same
protection against whatever attack the "fill with random bits"
protects against.
--
"Whosoever is delighted in solitude is either a wild beast or a god." -><-
http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
