[dm-crypt] Is erasing hard disk drive mandatory?

Stephen Cousins steve.cousins at maine.edu
Fri May 30 15:32:38 CEST 2014


I've been curious about the random data step for a while. I created an
array made up of dm-crypted disks but I didn't do this step. The disks did
have some data on them but not necessarily random data. What is the
functional purpose of writing random data to the disk prior to encrypting
them? Does the encryption process use existing data from the disk as part
of its encryption method? What would happen if dm-crypt was used on a
completely blank disk?

Thanks,

Steve


On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno at wagner.name> wrote:

> First, I presume this is about wiping the raw volume with
> cryptographically strong randomness, or wiping the new
> encrypted volume with anything (e.g. zeros). These two come
> down to the same effect on the raw volume.
>
> Erasing is not recommended to remove any data that was there
> before (if you want that, you must erase, but it is a separate
> thing). Erasing is recommended to make it non-transparent where
> data was written in the encrypted volume. If you care, then you
> need to erase.
>
> Arno
>
> On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > If I want to create an encrypted volume, over a disk drive where there
> > were no sensible data or there was another encrypted volume, can I skip
> > the erasing procedure or will it compromise the security of the new
> > encrypted volume?
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -  Plato
>



-- 
________________________________________________________________
 Steve Cousins             Supercomputer Engineer/Administrator
 Advanced Computing Group            University of Maine System
 244 Neville Hall (UMS Data Center)              (207) 561-3574
 Orono ME 04469                      steve.cousins at maine.edu
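
Added example, not part of the original thread and not dm-crypt code: a Python simulation of the point in the quoted reply, that without a wipe it is visible on the raw device where data was written. Ciphertext is modelled with `os.urandom`, and the 64-sector device, the sector numbers and the `looks_random` heuristic are all constructed for illustration.

```python
import os

SECTOR = 512  # bytes per sector in this simulation


def make_device(sectors, prefill):
    """Simulated raw device: prefill is 'zero' (blank disk) or 'random' (wiped)."""
    if prefill == "zero":
        return bytearray(sectors * SECTOR)
    return bytearray(os.urandom(sectors * SECTOR))


def write_encrypted(dev, sector_numbers):
    """Stand-in for writes through dm-crypt: ciphertext is modelled as random bytes."""
    for n in sector_numbers:
        dev[n * SECTOR:(n + 1) * SECTOR] = os.urandom(SECTOR)


def looks_random(block, min_distinct=128):
    """Crude test: 512 random bytes hold about 220 distinct values, a blank sector 1."""
    return len(set(block)) >= min_distinct


def scan(dev):
    """Sector numbers that look like ciphertext to someone reading the raw device."""
    return {n for n in range(len(dev) // SECTOR)
            if looks_random(dev[n * SECTOR:(n + 1) * SECTOR])}


def demo(prefill, used=(3, 4, 5, 40, 41)):
    """Create a 64-sector device, write 'ciphertext' to the used sectors, scan it."""
    dev = make_device(64, prefill)
    write_encrypted(dev, used)
    return scan(dev)


if __name__ == "__main__":
    for prefill in ("zero", "random"):
        found = sorted(demo(prefill))
        print(f"{prefill:>6} prefill: {len(found)} of 64 sectors look like ciphertext: {found}")
```

On the blank device the scan returns exactly the sectors that were written; on the pre-randomized device every sector looks the same, so the used regions cannot be told apart from the unused ones.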

