[dm-crypt] Is erasing hard disk drive mandatory?

Arno Wagner arno at wagner.name
Fri May 30 15:42:38 CEST 2014


If you put an encrypted volume on a blank disk, anybody getting
access to the raw disk can tell where (which sectors) data was
written to. That can represent a hidden channel that leaks
information.

Arno

On Fri, May 30, 2014 at 15:32:38 CEST, Stephen Cousins wrote:
> I've been curious about the random data step for a while. I created an
> array made up of dm-crypted disks but I didn't do this step. The disks did
> have some data on them but not necessarily random data. What is the
> functional purpose of writing random data to the disk prior to encrypting
> them? Does the encryption process use existing data from the disk as part
> of its encryption method? What would happen if dm-crypt was used on a
> completely blank disk?
> 
> Thanks,
> 
> Steve
> 
> 
> On Thu, May 29, 2014 at 4:13 PM, Arno Wagner <arno at wagner.name> wrote:
> 
> > First, I presume this is about wiping the raw volume with
> > cryptographically strong randomness, or wiping the new
> > encrypted volume with anything (e.g. zeros). These two come
> > down to the same effect on the raw volume.
> >
> > Erasing is not recommended to remove any data that was there
> > before (if you want that, you must erase, but it is a separate
> > thing). Erasing is recommended to make it non-transparent where
> > data was written in the encrypted volume. If you care, then you
> > need to erase.
> >
> > Arno
> >
> > On Thu, May 29, 2014 at 15:33:23 CEST, Kenny Lake wrote:
> > > If I want to create an encrypted volume, over a disk drive where there
> > > were no sensible data or there was another encrypted volume, can I skip
> > > the erasing procedure or will it compromise the security of the new
> > > encrypted volume?
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt at saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > A good decision is based on knowledge and not on numbers. -  Plato
> >
> 
> 
> 
> -- 
> ________________________________________________________________
>  Steve Cousins             Supercomputer Engineer/Administrator
>  Advanced Computing Group            University of Maine System
>  244 Neville Hall (UMS Data Center)              (207) 561-3574
>  Orono ME 04469                      steve.cousins at maine.edu



-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato
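The leak Arno describes can be made concrete with a small simulation. The block below is an added example, not code from the dm-crypt project or from anyone on this thread. It models a raw device as a byte array, writes "ciphertext" (random bytes stand in for it, since good ciphertext is indistinguishable from random) to a few sectors, and then plays the attacker who only holds the raw disk: any sector whose byte entropy looks like ciphertext is flagged as written. The 512-byte sector size, the 7.0 bits/byte threshold and the sample "old filesystem" contents are assumptions made for the illustration.

```python
"""Constructed simulation of the sector-usage leak discussed in the thread.
Added example; not code from dm-crypt or from the list posters."""
import math
import secrets

SECTOR = 512                # bytes per sector in this toy model (assumption)
ENTROPY_THRESHOLD = 7.0     # bits/byte; 512 random bytes score about 7.6,
                            # zeros score 0, ordinary text well below 7 (assumption)


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def make_disk(n_sectors: int, prefill: str) -> bytearray:
    """Raw device stand-in.
    'blank'  = factory-fresh, all zeros
    'old'    = leftover plaintext filesystem contents (constructed log lines)
    'random' = wiped with cryptographically strong randomness first
    """
    size = n_sectors * SECTOR
    if prefill == "blank":
        return bytearray(size)
    if prefill == "old":
        # Constructed sample of previous plaintext content, not real data.
        line = b"2014-05-29 16:13 sshd[1234]: Accepted publickey for alice from 10.0.0.7\n"
        return bytearray((line * (size // len(line) + 1))[:size])
    if prefill == "random":
        return bytearray(secrets.token_bytes(size))
    raise ValueError(f"unknown prefill mode: {prefill}")


def write_encrypted(disk: bytearray, sectors) -> None:
    """Model dm-crypt writing to the given sectors of the raw device.
    Random bytes stand in for ciphertext, which they are indistinguishable from."""
    for i in sectors:
        disk[i * SECTOR:(i + 1) * SECTOR] = secrets.token_bytes(SECTOR)


def infer_written_sectors(disk: bytearray) -> set:
    """Attacker holding only the raw disk: flag every sector that looks like
    ciphertext. On a pre-wiped disk every sector qualifies, so nothing is learned."""
    n = len(disk) // SECTOR
    return {
        i for i in range(n)
        if shannon_entropy(bytes(disk[i * SECTOR:(i + 1) * SECTOR])) >= ENTROPY_THRESHOLD
    }


def leak_demo(prefill: str, n_sectors: int = 64, written=(3, 7, 42)) -> set:
    """Create a disk of the given kind, write ciphertext to `written`,
    and return the set of sectors the attacker concludes were written."""
    disk = make_disk(n_sectors, prefill)
    write_encrypted(disk, written)
    return infer_written_sectors(disk)


if __name__ == "__main__":
    for kind in ("blank", "old", "random"):
        seen = leak_demo(kind)
        print(f"{kind:6s} disk: attacker infers {len(seen)} of 64 sectors written -> {sorted(seen)[:5]}...")
```

On the blank and the "old data" disks the attacker recovers exactly the three written sectors; on the pre-randomised disk every sector passes the test, which is the point of the wipe. In practice the two routes Arno calls equivalent are filling the raw device from a strong random source before `cryptsetup luksFormat`, or, after `cryptsetup open`, writing zeros over the mapped device (`dd if=/dev/zero of=/dev/mapper/<name>`), which lands on the raw device as ciphertext. Both are destructive to whatever is on the device, and neither is a substitute for a proper erase if the earlier plaintext itself must be destroyed.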

