From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 19 Feb 2011 20:09:00 +0100 (CET)
Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by v4.tansi.org (Postfix) with ESMTPA id D3889204F21 for ; Sat, 19 Feb 2011 20:08:59 +0100 (CET)
Date: Sat, 19 Feb 2011 20:08:58 +0100
From: Arno Wagner
Message-ID: <20110219190858.GA6981@tansi.org>
References: <20110218173302.GA9234@tansi.org> <20110218200718.GA12395@tansi.org> <4D5FF3CC.6010804@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4D5FF3CC.6010804@gmail.com>
Subject: Re: [dm-crypt] LUKS and LVM
To: dm-crypt@saout.de

On Sat, Feb 19, 2011 at 09:46:04AM -0700, Nicolas Bock wrote:
>
>
> On 02/18/11 13:07, Arno Wagner wrote:
> > (I use plain dm-crypt
> >>> with a random password and overwrite with conventional,
> >>> mt19997-generated randomness).
> >
>
> Why use random data to overwrite? Shouldn't /dev/zero be enough since
> the crypto should produce good randomness on disk?

It is only marginally slower this way and there may be issues
with initialisation vectors in disk encryption. There are
none that I know of with the current cryptsetup defaults.
This is just a very cheap additional layer of protection.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier