[19890] in cryptography@c2.net mail archive
AW: methods of filling encrypted disks
daemon@ATHENA.MIT.EDU (Kuehn, Ulrich)
Wed Feb 8 11:21:42 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Kuehn, Ulrich" <Ulrich.Kuehn@telekom.de>
To: solinym@gmail.com, cryptography@metzdowd.com
Date: Mon, 6 Feb 2006 09:33:20 +0100
> Von: Travis H. [mailto:solinym@gmail.com]
>
> So on this page:
> http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDevice
> there is a suggestion that people fill the encrypted image of
> a dm-crypt target with random data. Why?
>
[...]
> I found the suggestion of using /dev/urandom to be far too
> slow, as it produces 160 bits of output per SHA-1
> computation. I want to know if the fourth paragraph is
> correct, that copying /dev/zero to the upper layer before
> creating a file system would indeed provide the same
> protection against whatever attack the "fill with random bits"
> protects against.
What about using /dev/zero to fill the drive? Assuming that you
configure dm-crypt to use a secure cipher and a reasonably good
mode of operation, of course. Maybe use a key different from that
you will use finally for the device.
However, make sure that you do that before mkfs, otherwise all the
non-user-writeable parts of the device (inode tables etc) will not
be filled.
Are there any problems with this? I would assume that when the
crypto is good enough for my data, it should also hide all-zeroes,
shouldn't it?
Ulrich
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
