[dm-crypt] Is erasing hard disk drive mandatory?

Arno Wagner arno at wagner.name
Fri May 30 21:25:37 CEST 2014


If you do this right (zero wipe within the opened encrypted 
container, as described in FAQ Item 2.19), then you can decrypt 
this data to zeros.

Unfortunately, given the frequency that people ask about "hidden
encrypted volumes" here and are completely unaware of the danger 
they put themselves in, I think educating people about this risk
is a lost cause.

Arno

On Fri, May 30, 2014 at 21:03:08 CEST, Laurence Darby wrote:
> 
> You're all missing a very important point.  Have a read of
> http://embeddedsw.net/doc/physical_coercion.txt (a reference on
> http://en.wikipedia.org/wiki/Deniable_encryption) and think about if
> you want some random data at the end of your drive that you can't
> decrypt.
> 
> -- 
> Laurence
> 
> 
> 
> Thomas Bastiani wrote:
> 
> > On 05/30/14 18:47, Heinz Diehl wrote:
> > > On 30.05.2014, Thomas Bastiani wrote: 
> > > 
> > >> It may be that files that you create and then delete will trigger 
> > >> a TRIM operation if dm-crypt (and
> > >> eventually LVM) are configured to pass TRIM through. But the rest of
> > >> your "securely erased" drive is still not TRIM-ed.
> > > 
> > > As far as I know, mkfs discards blocks while creating the filesystem.
> > > So your device should be "overwritten" at that stage of the process?
> > > 
> > 
> > Oh cool. I had no idea. So then it would make the whole dd operation
> > useless if you pass --allow-discards to cryptsetup.
> > 
> > --
> > Thomas
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato
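The exchange above turns on whether a dm-crypt mapping passes TRIM/discard requests through to the disk (Thomas's point that `--allow-discards` makes the initial `dd` fill pointless because `mkfs` discards the blocks, and the deniability concern about random-looking data that cannot be decrypted). The following shell snippet is an added example, not code from the thread or from the cryptsetup project: it parses the table line that `dmsetup table <name>` prints for a crypt target and reports whether the `allow_discards` flag is present, so an administrator can verify the actual state of a mapping rather than guess. The sample table lines are constructed, with the key field masked the way `dmsetup table` masks it without `--showkeys`; `dm_crypt_discard_report` runs the same check over live mappings and needs root.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a dm-crypt mapping
# passes discards. A crypt target's table line has the form
#   <start> <len> crypt <cipher> <key> <iv_offset> <dev> <offset> [<#opts> <opt>...]
# and allow_discards, when set, appears among the optional parameters.

# Usage: dm_crypt_discards_enabled "<table line>"  -> prints yes|no
dm_crypt_discards_enabled() {
    table="$1"
    # Split the table line into positional fields (word splitting is intended).
    set -- $table
    if [ $# -lt 8 ] || [ "$3" != "crypt" ]; then
        echo "not a crypt table line" >&2
        return 2
    fi
    shift 8                         # drop the eight mandatory fields
    [ $# -gt 0 ] || { echo no; return 0; }   # no optional parameters at all
    count="$1"; shift               # optional parameters start with their count
    i=0
    while [ "$i" -lt "$count" ] && [ $# -gt 0 ]; do
        if [ "$1" = "allow_discards" ]; then
            echo yes
            return 0
        fi
        shift
        i=$((i + 1))
    done
    echo no
}

# Check every active crypt mapping on this host (requires root and dmsetup).
# `dmsetup table --target crypt` prints one "<name>: <table>" line per mapping.
dm_crypt_discard_report() {
    dmsetup table --target crypt 2>/dev/null | while IFS= read -r entry; do
        name=${entry%%:*}
        tbl=${entry#*: }
        printf '%s\tallow_discards=%s\n' "$name" "$(dm_crypt_discards_enabled "$tbl")"
    done
}

# Constructed sample table lines (key masked as zeros, device 8:2, 4096-sector offset).
SAMPLE_TABLE_DISCARDS="0 1953525168 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096 1 allow_discards"
SAMPLE_TABLE_NO_DISCARDS="0 1953525168 crypt aes-xts-plain64 0000000000000000000000000000000000000000000000000000000000000000 0 8:2 4096"

# Demonstrate on the constructed samples.
printf 'sample with flag:    allow_discards=%s\n' "$(dm_crypt_discards_enabled "$SAMPLE_TABLE_DISCARDS")"
printf 'sample without flag: allow_discards=%s\n' "$(dm_crypt_discards_enabled "$SAMPLE_TABLE_NO_DISCARDS")"
```

Run it as root and call `dm_crypt_discard_report` to see the real mappings; a `yes` means discards reach the disk, so freed blocks (including those `mkfs` discards right after the fill) no longer hold the random data the `dd` pass wrote.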