[dm-crypt] Is erasing hard disk drive mandatory?

[dm-crypt] Is erasing hard disk drive mandatory?

[Kenny Lake]

[-- Attachment #1: Type: text/plain, Size: 227 bytes --]

If I want to create an encrypted volume, over a disk drive where there were no sensible data or there was another encrypted volume, can i skip the erasing procedure or will compromise the security of the new encrypted volume?

[-- Attachment #2: Type: text/html, Size: 458 bytes --]

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Arno Wagner]

First, I presume this is about wiping the raw volume with 
cryptographically striong randomness, or wriping the new 
encrypted volume with anything (e.g. zeros). These two come
down to the same effect on the raw volume.

Erasing is not recommended to remove any data that was there
before (if you want that, you must erase, but it is a separate
thing). Erasing is recommended to make it non-transparent where
data was written in the encrypted volume. If you care, then you
need to erase.

Arno

On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> If I want to create an encrypted volume, over a disk drive where there
> were no sensible data or there was another encrypted volume, can i skip
> the erasing procedure or will compromise the security of the new encrypted
> volume?

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Andrew]

Hey Kenny,

If you do skip over the erase during configuration, you can get the same effect of by causing the filesystem to write to every block -- 

		dd if=/dev/zero of=uselessjunk ; \rm uselessjunk

Of course, you also need to fill up the inode tables, otherwise your disk may tell how many files are on the disk.  Make lots of files.

If you're paranoid, or have a need to irritate security experts, use /dev/urandom instead of /dev/zero.

&:-)


On Thu, 29 May 2014 14:33:23 +0100 (BST)
Kenny Lake <kennylake96@yahoo.it> wrote:

> If I want to create an encrypted volume, over a disk drive where
> there were no sensible data or there was another encrypted volume,
> can i skip the erasing procedure or will compromise the security of
> the new encrypted volume?
> 


-- 
Thousands of years to mess up six days' work, and we're STILL not done

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Stephen Cousins]

[-- Attachment #1: Type: text/plain, Size: 2229 bytes --]

I've been curious about the random data step for a while. I created an
array made up of dm-crypted disks but I didn't do this step. The disks did
have some data on them but not necessarily random data. What is the
functional purpose of writing random data to the disk prior to encrypting
them? Does the encryption process use existing data from the disk as part
of it's encryption method? What would happen if dm-crypt was used on a
completely blank disk?

Thanks,

Steve


On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@wagner.name> wrote:

> First, I presume this is about wiping the raw volume with
> cryptographically striong randomness, or wriping the new
> encrypted volume with anything (e.g. zeros). These two come
> down to the same effect on the raw volume.
>
> Erasing is not recommended to remove any data that was there
> before (if you want that, you must erase, but it is a separate
> thing). Erasing is recommended to make it non-transparent where
> data was written in the encrypted volume. If you care, then you
> need to erase.
>
> Arno
>
> On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > If I want to create an encrypted volume, over a disk drive where there
> > were no sensible data or there was another encrypted volume, can i skip
> > the erasing procedure or will compromise the security of the new
> encrypted
> > volume?
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -  Plato
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
________________________________________________________________
 Steve Cousins             Supercomputer Engineer/Administrator
 Advanced Computing Group            University of Maine System
 244 Neville Hall (UMS Data Center)              (207) 561-3574
 Orono ME 04469                      steve.cousins at maine.edu

[-- Attachment #2: Type: text/html, Size: 4023 bytes --]

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Arno Wagner]

If you put an encrypted volume on a blank disk, anybody getting
access to the raw disk can tell where (whcih secotrs) data was 
written to. That can represent a hidden channel that leaks
information.

Arno

On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> I've been curious about the random data step for a while. I created an
> array made up of dm-crypted disks but I didn't do this step. The disks did
> have some data on them but not necessarily random data. What is the
> functional purpose of writing random data to the disk prior to encrypting
> them? Does the encryption process use existing data from the disk as part
> of it's encryption method? What would happen if dm-crypt was used on a
> completely blank disk?
> 
> Thanks,
> 
> Steve
> 
> 
> On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@wagner.name> wrote:
> 
> > First, I presume this is about wiping the raw volume with
> > cryptographically striong randomness, or wriping the new
> > encrypted volume with anything (e.g. zeros). These two come
> > down to the same effect on the raw volume.
> >
> > Erasing is not recommended to remove any data that was there
> > before (if you want that, you must erase, but it is a separate
> > thing). Erasing is recommended to make it non-transparent where
> > data was written in the encrypted volume. If you care, then you
> > need to erase.
> >
> > Arno
> >
> > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > If I want to create an encrypted volume, over a disk drive where there
> > > were no sensible data or there was another encrypted volume, can i skip
> > > the erasing procedure or will compromise the security of the new
> > encrypted
> > > volume?
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -  Plato
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> 
> -- 
> ________________________________________________________________
>  Steve Cousins             Supercomputer Engineer/Administrator
>  Advanced Computing Group            University of Maine System
>  244 Neville Hall (UMS Data Center)              (207) 561-3574
>  Orono ME 04469                      steve.cousins at maine.edu

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Stephen Cousins]

[-- Attachment #1: Type: text/plain, Size: 3968 bytes --]

I see. So it has nothing to do with how well the data is encrypted. Just
another level of protection as far as the scale of work someone would have
to try to crack it if it looked like the whole disk was encrypted vs. just
the actual data that had been written.

Thanks,

Steve


On Fri, May 30, 2014 at 9:42 AM, Arno Wagner <arno@wagner.name> wrote:

> If you put an encrypted volume on a blank disk, anybody getting
> access to the raw disk can tell where (whcih secotrs) data was
> written to. That can represent a hidden channel that leaks
> information.
>
> Arno
>
> On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> > I've been curious about the random data step for a while. I created an
> > array made up of dm-crypted disks but I didn't do this step. The disks
> did
> > have some data on them but not necessarily random data. What is the
> > functional purpose of writing random data to the disk prior to encrypting
> > them? Does the encryption process use existing data from the disk as part
> > of it's encryption method? What would happen if dm-crypt was used on a
> > completely blank disk?
> >
> > Thanks,
> >
> > Steve
> >
> >
> > On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno@wagner.name> wrote:
> >
> > > First, I presume this is about wiping the raw volume with
> > > cryptographically striong randomness, or wriping the new
> > > encrypted volume with anything (e.g. zeros). These two come
> > > down to the same effect on the raw volume.
> > >
> > > Erasing is not recommended to remove any data that was there
> > > before (if you want that, you must erase, but it is a separate
> > > thing). Erasing is recommended to make it non-transparent where
> > > data was written in the encrypted volume. If you care, then you
> > > need to erase.
> > >
> > > Arno
> > >
> > > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > > If I want to create an encrypted volume, over a disk drive where
> there
> > > > were no sensible data or there was another encrypted volume, can i
> skip
> > > > the erasing procedure or will compromise the security of the new
> > > encrypted
> > > > volume?
> > >
> > > > _______________________________________________
> > > > dm-crypt mailing list
> > > > dm-crypt@saout.de
> > > > http://www.saout.de/mailman/listinfo/dm-crypt
> > >
> > >
> > > --
> > > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email:
> arno@wagner.name
> > > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D
> 9718
> > > ----
> > > A good decision is based on knowledge and not on numbers. -  Plato
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> > >
> >
> >
> >
> > --
> > ________________________________________________________________
> >  Steve Cousins             Supercomputer Engineer/Administrator
> >  Advanced Computing Group            University of Maine System
> >  244 Neville Hall (UMS Data Center)              (207) 561-3574
> >  Orono ME 04469                      steve.cousins at maine.edu
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -  Plato
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
________________________________________________________________
 Steve Cousins             Supercomputer Engineer/Administrator
 Advanced Computing Group            University of Maine System
 244 Neville Hall (UMS Data Center)              (207) 561-3574
 Orono ME 04469                      steve.cousins at maine.edu

[-- Attachment #2: Type: text/html, Size: 6678 bytes --]

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Heinz Diehl]

On 30.05.2014, Stephen Cousins wrote: 

> I see. So it has nothing to do with how well the data is encrypted. Just
> another level of protection..

Maybe. I think the practical effects are negligible. With the first
minutes of use of such a disk, temporary files get written to it,
files get deleted, new ones get written and old stuff gets
overwritten. If the encryption is secure, all that doesn't really
matter.

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Stephen Cousins]

[-- Attachment #1: Type: text/plain, Size: 1278 bytes --]

Hi Heinz,

I agree. The field, by it's very nature, has varying levels of paranoia
(rightly so as we are seeing these days) and this level is more than what I
need for my purposes so I can save some time by not having to send random
data to all of the drives during the build process.

Steve


On Fri, May 30, 2014 at 11:07 AM, Heinz Diehl <htd@fancy-poultry.org> wrote:

> On 30.05.2014, Stephen Cousins wrote:
>
> > I see. So it has nothing to do with how well the data is encrypted. Just
> > another level of protection..
>
> Maybe. I think the practical effects are negligible. With the first
> minutes of use of such a disk, temporary files get written to it,
> files get deleted, new ones get written and old stuff gets
> overwritten. If the encryption is secure, all that doesn't really
> matter.
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
________________________________________________________________
 Steve Cousins             Supercomputer Engineer/Administrator
 Advanced Computing Group            University of Maine System
 244 Neville Hall (UMS Data Center)              (207) 561-3574
 Orono ME 04469                      steve.cousins at maine.edu

[-- Attachment #2: Type: text/html, Size: 2815 bytes --]

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Thomas Bastiani]

On 05/30/14 16:17, Stephen Cousins wrote:
> Hi Heinz,
> 
> I agree. The field, by it's very nature, has varying levels of paranoia
> (rightly so as we are seeing these days) and this level is more than what I
> need for my purposes so I can save some time by not having to send random
> data to all of the drives during the build process.
> 
> Steve
> 

I tend to do the erase pass because it doesn't have a performance cost
on hard drives. On SSD's though, this would prevent TRIM from
functioning properly and make the SSD appear as full to the controller
which would hurt performance. So I tend to not erase SSDs with random
data before encryption. The other thing is if you TRIM NAND cells on
your SSD their contents should be unrecoverable as opposed to standard
hard-drives.

--
Thomas

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Heinz Diehl]

On 30.05.2014, Thomas Bastiani wrote: 

> On SSD's though, this would prevent TRIM from functioning properly 
> and make the SSD appear as full to the controller which would 
> hurt performance.

If you e.g. do a "dd if=/dev/urandom of=bigfile" to a SSD drive
until the partition is fully overwritten, simply deleting "bigfile" 
followed by a "fstrim" should restore performance to the same level as
is was before. What am I missing?

 

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Thomas Bastiani]

On 05/30/14 18:10, Heinz Diehl wrote:
> On 30.05.2014, Thomas Bastiani wrote: 
> 
>> On SSD's though, this would prevent TRIM from functioning properly 
>> and make the SSD appear as full to the controller which would 
>> hurt performance.
> 
> If you e.g. do a "dd if=/dev/urandom of=bigfile" to a SSD drive
> until the partition is fully overwritten, simply deleting "bigfile" 
> followed by a "fstrim" should restore performance to the same level as
> is was before. What am I missing?
> 

Your first step is to dd if=/dev/urandom of=/dev/sd<x> or an equivalent
operation. This is before you even create an encrypted container and
definitely below your file system... It may be that files that you
create and then delete will trigger a TRIM operation if dm-crypt (and
eventually LVM) are configured to pass TRIM through. But the rest of
your "securely erased" drive is still not TRIM-ed.

And also it doesn't make sense to configure dm-crypt to pass TRIM (with
--allow-discards) if you've written random data to your drive at
creation time because then you introduce another different type of
side-channel leak.

Does that make sense?

--
Thomas

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Heinz Diehl]

On 30.05.2014, Thomas Bastiani wrote: 

> It may be that files that you create and then delete will trigger 
> a TRIM operation if dm-crypt (and
> eventually LVM) are configured to pass TRIM through. But the rest of
> your "securely erased" drive is still not TRIM-ed.

As far as I know, mkfs discards blocks while creating the filesystem.
So your device should be "overwritten" at that stage of the process?

(I for myself never do any overwriting of harddisks, I've just
asked out of sheer curiosity).

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Thomas Bastiani]

On 05/30/14 18:47, Heinz Diehl wrote:
> On 30.05.2014, Thomas Bastiani wrote: 
> 
>> It may be that files that you create and then delete will trigger 
>> a TRIM operation if dm-crypt (and
>> eventually LVM) are configured to pass TRIM through. But the rest of
>> your "securely erased" drive is still not TRIM-ed.
> 
> As far as I know, mkfs discards blocks while creating the filesystem.
> So your device should be "overwritten" at that stage of the process?
> 

Oh cool. I had no idea. So then it would make the whole dd operation
useless if you pass --allow-discards to cryptsetup.

--
Thomas

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Arno Wagner]

It requires psecific attack situations. For example, some application
could write data in a specific pattern that would then be visible in
the raw container. Or you could determine the size of some files or
the type of the filesystem.

Not anything usually critical, but something to keep in mind
and when being careful the crypto-wipe step is advisible.

Arno



On Fri, May 30, 2014 at 17:17:27 CEST, Stephen Cousins wrote:
> Hi Heinz,
> 
> I agree. The field, by it's very nature, has varying levels of paranoia
> (rightly so as we are seeing these days) and this level is more than what I
> need for my purposes so I can save some time by not having to send random
> data to all of the drives during the build process.
> 
> Steve
> 
> 
> On Fri, May 30, 2014 at 11:07 AM, Heinz Diehl <htd@fancy-poultry.org> wrote:
> 
> > On 30.05.2014, Stephen Cousins wrote:
> >
> > > I see. So it has nothing to do with how well the data is encrypted. Just
> > > another level of protection..
> >
> > Maybe. I think the practical effects are negligible. With the first
> > minutes of use of such a disk, temporary files get written to it,
> > files get deleted, new ones get written and old stuff gets
> > overwritten. If the encryption is secure, all that doesn't really
> > matter.
> >
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> 
> -- 
> ________________________________________________________________
>  Steve Cousins             Supercomputer Engineer/Administrator
>  Advanced Computing Group            University of Maine System
>  244 Neville Hall (UMS Data Center)              (207) 561-3574
>  Orono ME 04469                      steve.cousins at maine.edu

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Laurence Darby]

You're all missing a very important point.  Have a read of
http://embeddedsw.net/doc/physical_coercion.txt (a reference on
http://en.wikipedia.org/wiki/Deniable_encryption) and think about if
you want some random data at the end of your drive that you can't
decrypt.

-- 
Laurence



Thomas Bastiani wrote:

> On 05/30/14 18:47, Heinz Diehl wrote:
> > On 30.05.2014, Thomas Bastiani wrote: 
> > 
> >> It may be that files that you create and then delete will trigger 
> >> a TRIM operation if dm-crypt (and
> >> eventually LVM) are configured to pass TRIM through. But the rest of
> >> your "securely erased" drive is still not TRIM-ed.
> > 
> > As far as I know, mkfs discards blocks while creating the filesystem.
> > So your device should be "overwritten" at that stage of the process?
> > 
> 
> Oh cool. I had no idea. So then it would make the whole dd operation
> useless if you pass --allow-discards to cryptsetup.
> 
> --
> Thomas
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Arno Wagner]

If you do this right (zero wipe within the opened encrypted 
container, as described in FAQ Item 2.19), then you can decrypt 
this data to zeros.

Unfortunately, given the frequency that people ask about "hidden
encrypted voluems" here and are completely unaware of the danger 
they put themselves in, I thinks educating people about this risk
is a lost cause.

Arno

On Fri, May 30, 2014 at 21:03:08 CEST, Laurence Darby wrote:
> 
> You're all missing a very important point.  Have a read of
> http://embeddedsw.net/doc/physical_coercion.txt (a reference on
> http://en.wikipedia.org/wiki/Deniable_encryption) and think about if
> you want some random data at the end of your drive that you can't
> decrypt.
> 
> -- 
> Laurence
> 
> 
> 
> Thomas Bastiani wrote:
> 
> > On 05/30/14 18:47, Heinz Diehl wrote:
> > > On 30.05.2014, Thomas Bastiani wrote: 
> > > 
> > >> It may be that files that you create and then delete will trigger 
> > >> a TRIM operation if dm-crypt (and
> > >> eventually LVM) are configured to pass TRIM through. But the rest of
> > >> your "securely erased" drive is still not TRIM-ed.
> > > 
> > > As far as I know, mkfs discards blocks while creating the filesystem.
> > > So your device should be "overwritten" at that stage of the process?
> > > 
> > 
> > Oh cool. I had no idea. So then it would make the whole dd operation
> > useless if you pass --allow-discards to cryptsetup.
> > 
> > --
> > Thomas
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato

Re: [dm-crypt] Is erasing hard disk drive mandatory?

[Heinz Diehl]

On 30.05.2014, Thomas Bastiani wrote: 

> > As far as I know, mkfs discards blocks while creating the filesystem.
> > So your device should be "overwritten" at that stage of the process?

> Oh cool. I had no idea. So then it would make the whole dd operation
> useless if you pass --allow-discards to cryptsetup.

I think so. At least mkfs.xfs, mkfs.ext4 and mkfs.btrfs are discarding blocks
while creating the fs. Don't know about other fs.