[dm-crypt] Does safe remove has a point on an encrypted drive?

Arno Wagner arno at wagner.name
Sat Sep 22 21:55:44 CEST 2012


On Sat, Sep 22, 2012 at 09:05:27PM +0200, Claudio Moretti wrote:
> >
> > I meant if I am on full disk encryption if it's worth the extra CPU
> > clocks to do a safe erase of certain files, given the data is already
> > random looking from the outside. It wasn't about the whole drive.
> >
> >
> The point is exactly that: your data looks random from the outside, but not
> from the inside. If an attacker gets access to your running computer or
> discovers your password, dm-crypt cannot protect you, because the attacker
> has access to your unencrypted hard drive.

Exactly. So if you erase a full disk/partition, my earlier
comment applies. For erasing single file securely inside a LUKS
or dm-crypt container, do overwrites. There is evidence  
that a single overwrite is enough for magnetic disks. 

For journalling filesystems (ext3/4, e.g.), it may be necessary
to still wipe the whole partition for HDDs and for SSDs, a full 
secure erase including physical destrucion afterwards may be the 
only way. 

My recomendation would be to do ext2 and use wipe with 4
random overwrites for HDDs and to not put anything secret on
SSDs.

If you are comfortable with ordinary, not secure, erase, 
just use that, but take into account that once your key is 
compromised, your erased data may be compromised.


Incidentally, I believe all this can be found in the FAQ.


Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list