[dm-crypt] Is erasing hard disk drive mandatory?

Laurence Darby ldarby at tuffmail.com
Fri May 30 21:03:08 CEST 2014


You're all missing a very important point.  Have a read of
http://embeddedsw.net/doc/physical_coercion.txt (a reference on
http://en.wikipedia.org/wiki/Deniable_encryption) and think about if
you want some random data at the end of your drive that you can't
decrypt.

-- 
Laurence



Thomas Bastiani wrote:

> On 05/30/14 18:47, Heinz Diehl wrote:
> > On 30.05.2014, Thomas Bastiani wrote: 
> > 
> >> It may be that files that you create and then delete will trigger 
> >> a TRIM operation if dm-crypt (and
> >> eventually LVM) are configured to pass TRIM through. But the rest of
> >> your "securely erased" drive is still not TRIM-ed.
> > 
> > As far as I know, mkfs discards blocks while creating the filesystem.
> > So your device should be "overwritten" at that stage of the process?
> > 
> 
> Oh cool. I had no idea. So then it would make the whole dd operation
> useless if you pass --allow-discards to cryptsetup.
> 
> --
> Thomas
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


More information about the dm-crypt mailing list