From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Is erasing hard disk drive mandatory?
Date: Fri, 30 May 2014 15:42:38 +0200	[thread overview]
Message-ID: <20140530134238.GA21698@tansi.org> (raw)
In-Reply-To: <CAMFqqRpTzXA4x12wC-P7YG5K7gkMfrgk52vWdzUu3ZwJ_=CkSA@mail.gmail.com>

If you put an encrypted volume on a blank disk, anybody getting
access to the raw disk can tell where (which sectors) data was
written to. That can represent a hidden channel that leaks
information.

Arno

On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> I've been curious about the random data step for a while. I created an
> array made up of dm-crypted disks but I didn't do this step. The disks did
> have some data on them but not necessarily random data. What is the
> functional purpose of writing random data to the disk prior to encrypting
> them? Does the encryption process use existing data from the disk as part
> of its encryption method? What would happen if dm-crypt was used on a
> completely blank disk?
> 
> Thanks,
> 
> Steve
> 
> 
> On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@wagner.name> wrote:
> 
> > First, I presume this is about wiping the raw volume with
> > cryptographically strong randomness, or wiping the new
> > encrypted volume with anything (e.g. zeros). These two come
> > down to the same effect on the raw volume.
> >
> > Erasing is not recommended to remove any data that was there
> > before (if you want that, you must erase, but it is a separate
> > thing). Erasing is recommended to make it non-transparent where
> > data was written in the encrypted volume. If you care, then you
> > need to erase.
> >
> > Arno
> >
> > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > If I want to create an encrypted volume, over a disk drive where there
> > > were no sensible data or there was another encrypted volume, can I skip
> > > the erasing procedure or will it compromise the security of the new
> > > encrypted volume?
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -  Plato
> >
> 
> 
> 
> -- 
> ________________________________________________________________
>  Steve Cousins             Supercomputer Engineer/Administrator
>  Advanced Computing Group            University of Maine System
>  244 Neville Hall (UMS Data Center)              (207) 561-3574
>  Orono ME 04469                      steve.cousins at maine.edu



-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato
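The leak Arno describes (an encrypted volume on a factory-blank disk reveals exactly which sectors have ever been written) and the fix he recommends (wipe the raw device with strong randomness first, or equivalently write anything through the opened mapping) can be shown on a toy disk image. The following script is an added example, not code from this thread or from cryptsetup/dm-crypt; it assumes a constructed 64-sector image and models ciphertext as os.urandom() output, which is what a sound cipher's output looks like to someone holding only the raw disk.

```python
import math
import os
from typing import Dict, List, Set

# Constructed toy disk: 64 sectors of 512 bytes. A real disk is far larger,
# but the per-sector observation an outsider can make is identical.
SECTOR_SIZE = 512
NUM_SECTORS = 64


def build_raw_image(used_sectors: Set[int], prefilled_with_random: bool) -> List[bytes]:
    """Return a constructed raw-disk image as a list of sector payloads.

    Sectors the encrypted volume actually wrote hold os.urandom() bytes,
    standing in for ciphertext (modeling assumption: no real cipher is run
    here).  Sectors it never touched hold either the factory zeros or, if the
    raw device was wiped with strong randomness beforehand, random bytes.
    """
    image = []
    for sector in range(NUM_SECTORS):
        if sector in used_sectors or prefilled_with_random:
            image.append(os.urandom(SECTOR_SIZE))
        else:
            image.append(bytes(SECTOR_SIZE))
    return image


def shannon_entropy_bits(sector: bytes) -> float:
    """Byte-level Shannon entropy of one sector: 0.0 (constant) up to 8.0."""
    counts: Dict[int, int] = {}
    for b in sector:
        counts[b] = counts.get(b, 0) + 1
    n = len(sector)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sectors_that_look_written(image: List[bytes], threshold_bits: float = 6.0) -> Set[int]:
    """What someone holding only the raw disk can conclude: every
    high-entropy sector has presumably been written by the encrypted volume.
    The threshold sits well between 0 bits (all zeros) and the roughly
    7 bits a 512-byte random sector shows."""
    return {i for i, s in enumerate(image) if shannon_entropy_bits(s) > threshold_bits}


def write_pattern_is_visible(image: List[bytes], used_sectors: Set[int]) -> bool:
    """True when the raw image reveals exactly which sectors carry data."""
    return sectors_that_look_written(image) == used_sectors


if __name__ == "__main__":
    used = {0, 1, 2, 3, 17, 18, 40}  # constructed write pattern of the volume
    blank = build_raw_image(used, prefilled_with_random=False)
    wiped = build_raw_image(used, prefilled_with_random=True)
    print("blank disk leaks write pattern:    ", write_pattern_is_visible(blank, used))
    print("pre-wiped disk leaks write pattern:", write_pattern_is_visible(wiped, used))
```

On the blank image the high-entropy sectors are precisely the written ones, so the usage pattern of the volume is readable without any key. On the pre-wiped image every sector looks written, so the same analysis learns nothing. The pre-wiped case also models Arno's second method: zeros written through the opened mapping land on the raw device as ciphertext, which is why both approaches have the same effect on the raw volume.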
