[dm-crypt] Does safe remove has a point on an encrypted drive?

antispam06 at sent.at antispam06 at sent.at
Sat Sep 22 20:36:24 CEST 2012


On Sat, Sep 22, 2012, at 14:13, Arno Wagner wrote:
> It depends. For plain dm-crypt with a compromised passphrase,
> do secure delete for a HDD. For LUKS with a compromised passphrase,
> overwrite the header and key-slot area once for a HDD. For
> LUKS with a compromised master key, same as for plain dm-crypt.
> 
> For SSD, do secure unit erase (ATA command), overwrite and
> physical destruction.

I meant if I am on full disk encryption if it's worth the extra CPU
clocks to do a safe erase of certain files, given the data is already
random looking from the outside. It wasn't about the whole drive.


More information about the dm-crypt mailing list