From: Milan Broz
Date: Sat, 19 Feb 2011 18:10:08 +0100
Subject: Re: [dm-crypt] LUKS and LVM
Message-ID: <4D5FF970.3090500@redhat.com>
References: <20110218173302.GA9234@tansi.org> <20110218200718.GA12395@tansi.org> <4D5FF3CC.6010804@gmail.com>
In-Reply-To: <4D5FF3CC.6010804@gmail.com>
Cc: dm-crypt@saout.de

On 02/19/2011 05:46 PM, Nicolas Bock wrote:
> Why use random data to overwrite? Shouldn't /dev/zero be enough since
> the crypto should produce good randomness on disk?

Then you can distinguish between used blocks ("random noise") and unused
blocks (remain zeroed).

So filling with zero guarantees that old data are wiped, but also leaks
info about which blocks were overwritten later.

Question: Is it a good idea to add a "wipe" option to cryptsetup luksFormat?
So it can optionally wipe all the space with random data?
(probably using some fast RNG provided by the crypto backend, or by
encrypting zero data with the same algorithm as in luksFormat but using
a one-time random key)

If so, I'll add this to my todo list.

Milan
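The leak Milan describes, shown on a constructed disk image: this is an added example, not code from the thread or from cryptsetup. It assumes a 512-byte block size and uses HMAC-SHA256 in counter mode under a discarded one-time key as a stand-in for "encrypting zero data with the disk cipher"; the only property relied on is that the output is indistinguishable from random without the key.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 512  # assumption: sector-sized blocks for the simulated image


def keystream_wipe_data(length, key=None):
    """Wipe pattern from 'encrypting' zeros under a one-time random key.

    Stand-in (assumption): HMAC-SHA256 in counter mode instead of the real
    disk cipher. The key is generated here and never stored, so the output
    cannot be regenerated or distinguished from random afterwards.
    """
    key = key or os.urandom(32)
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def write_ciphertext(image, block_index, ciphertext_block):
    """Simulate a later write of one encrypted block onto the image."""
    start = block_index * BLOCK_SIZE
    image[start:start + BLOCK_SIZE] = ciphertext_block


def used_block_map(image):
    """What an observer without the key learns: which blocks are non-zero."""
    n = len(image) // BLOCK_SIZE
    return [any(image[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]) for i in range(n)]


def demo(fill_with_random, written_blocks=(3, 7), total_blocks=16):
    """Fill an image with zeros or with wipe data, then write two blocks.

    Returns the per-block 'looks used' map. With a zero fill the map reveals
    exactly the written blocks; with a random fill every block looks used.
    """
    size = total_blocks * BLOCK_SIZE
    image = bytearray(keystream_wipe_data(size) if fill_with_random else bytes(size))
    # Constructed ciphertext: encrypted user data is itself random-looking,
    # so reuse the keystream generator to stand in for it.
    for block in written_blocks:
        write_ciphertext(image, block, keystream_wipe_data(BLOCK_SIZE))
    return used_block_map(image)
```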