[dm-crypt] Encrypted partitions with sectors to zero?

Thomas Martin tmartincpp at gmail.com
Thu Oct 24 09:33:47 CEST 2013

Hello Arno.

> Encryption does not overwrite your data. If you want that
> with LUKS or plain dm-crypt, you need to do the overwrite
> yourself. Some tools, like TrueCrypt, offer you to do
> this optionally during installation.
> See also FAQ item 5.3.

My bad, this is actually obvious (I always used shred when I was
converting my old unsecured machines before encrypting them).

> Yes. See FAQ item 5.3. If you do it for an already created
> filesystem, you will not reach everything though, that is
> why the overwrite should be done after crypto-mapping, but
> before filesystem creation.
> Arno

Good point, I was looking to avoid insecurities by disabling TRIM but
I didn't understand that this insecurity was "by default" even
without TRIM (as I didn't fill the LUKS container).

Thanks a lot Arno, this is a lot more understandable for me now.

