Date: Fri, 30 May 2014 15:42:38 +0200
From: Arno Wagner
Message-ID: <20140530134238.GA21698@tansi.org>
References: <1401370403.94216.YahooMailNeo@web172002.mail.ir2.yahoo.com> <20140529201335.GA9014@tansi.org>
Subject: Re: [dm-crypt] Is erasing hard disk drive mandatory?
To: dm-crypt@saout.de

If you put an encrypted volume on a blank disk, anybody getting
access to the raw disk can tell where (which sectors) data was
written to. That can represent a hidden channel that leaks
information.

Arno

On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> I've been curious about the random data step for a while. I created an
> array made up of dm-crypted disks but I didn't do this step. The disks did
> have some data on them but not necessarily random data. What is the
> functional purpose of writing random data to the disk prior to encrypting
> them? Does the encryption process use existing data from the disk as part
> of its encryption method? What would happen if dm-crypt was used on a
> completely blank disk?
>
> Thanks,
>
> Steve
>
>
> On Thu, May 29, 2014 at 4:13 PM, Arno Wagner wrote:
>
> > First, I presume this is about wiping the raw volume with
> > cryptographically strong randomness, or wiping the new
> > encrypted volume with anything (e.g. zeros). These two come
> > down to the same effect on the raw volume.
> >
> > Erasing is not recommended to remove any data that was there
> > before (if you want that, you must erase, but it is a separate
> > thing). Erasing is recommended to make it non-transparent where
> > data was written in the encrypted volume. If you care, then you
> > need to erase.
> >
> > Arno
> >
> > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > If I want to create an encrypted volume, over a disk drive where there
> > > were no sensible data or there was another encrypted volume, can I skip
> > > the erasing procedure or will it compromise the security of the new
> > > encrypted volume?
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> > --
> > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
> > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. - Plato
>
> --
> ________________________________________________________________
> Steve Cousins             Supercomputer Engineer/Administrator
> Advanced Computing Group            University of Maine System
> 244 Neville Hall (UMS Data Center)              (207) 561-3574
> Orono ME 04469                      steve.cousins at maine.edu

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
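
Added example, not part of the original thread or of dm-crypt: a small Python model of the point made above, comparing what the raw device shows when the same encrypted writes land on a blank disk and on a pre-wiped one. The 512-byte sector size, the 7.0 bits/byte entropy threshold, the written regions and all function names are assumptions of this sketch, and ciphertext is modelled as random bytes.

```python
import math
import os
from collections import Counter

SECTOR = 512  # bytes per sector (assumed for this model)

def sector_entropy(buf: bytes) -> float:
    """Shannon entropy of one sector, in bits per byte."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def make_raw_device(sectors: int, prewiped: bool) -> bytearray:
    """Model a raw disk: all zeros (blank) or filled with randomness (wiped)."""
    size = sectors * SECTOR
    return bytearray(os.urandom(size) if prewiped else bytes(size))

def write_ciphertext(raw: bytearray, first: int, count: int) -> None:
    """Stand-in for dm-crypt output: ciphertext is modelled as random bytes."""
    raw[first * SECTOR:(first + count) * SECTOR] = os.urandom(count * SECTOR)

def written_extents(raw: bytes, threshold: float = 7.0) -> list:
    """Runs of sectors that look like ciphertext, as (first, last) pairs."""
    extents, start = [], None
    total = len(raw) // SECTOR
    for i in range(total):
        high = sector_entropy(raw[i * SECTOR:(i + 1) * SECTOR]) >= threshold
        if high and start is None:
            start = i
        elif not high and start is not None:
            extents.append((start, i - 1))
            start = None
    if start is not None:
        extents.append((start, total - 1))
    return extents

def scan(prewiped: bool) -> list:
    """Write the same two regions, then inspect only the raw device."""
    raw = make_raw_device(256, prewiped)
    write_ciphertext(raw, 8, 8)      # constructed sample region
    write_ciphertext(raw, 100, 20)   # constructed sample region
    return written_extents(bytes(raw))

if __name__ == "__main__":
    print("blank disk:", scan(prewiped=False))  # written regions stand out
    print("wiped disk:", scan(prewiped=True))   # one uniform extent
```

On the blank device the scan returns exactly the two written ranges; on the pre-wiped device it returns a single extent covering the whole disk, so the raw view no longer shows where data was written.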