So on this page: http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDevice there is a suggestion that people fill the encrypted image of a dm-crypt target with random data. Why?
I assume this is because making the filesystem on the unencrypted (upper) layer will only write to a small portion of the overall disk space. Presumably then the apparently non-random blocks on the encrypted (lower) layer then represent areas unwritten to on the unencrypted layer. What else is leaked by not filling the lower layer with random data before creating and formatting the upper?

I found the suggestion of using /dev/urandom to be far too slow, as it produces 160 bits of output per SHA-1 computation.

I want to know if the fourth paragraph is correct, that copying /dev/zero to the upper layer before creating a file system would indeed provide the same protection against whatever attack the "fill with random bits" protects against.

--
"Whosoever is delighted in solitude is either a wild beast or a god." -><-
http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
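An added illustration of the question above (not part of the original post, and not dm-crypt code): a toy lower-layer device is scanned sector by sector for byte entropy, once after only a few filesystem-style writes and once after zeros were first written through the upper layer. The cipher is a SHA-256 keystream stand-in, and the device size, key, written sectors and entropy threshold are all constructed assumptions.

```python
import hashlib, math

SECTOR, NSECTORS = 512, 128    # constructed toy device: 128 sectors of 512 bytes
KEY = b"constructed demo key"  # sample value, not a real key

def crypt_sector(key, sector_no, data):
    # Stand-in for dm-crypt's per-sector cipher (assumption): XOR with a
    # SHA-256 counter keystream. Only its random-looking output matters here;
    # it is not a safe disk cipher.
    ks = b"".join(hashlib.sha256(key + sector_no.to_bytes(8, "little") + bytes([i])).digest()
                  for i in range(SECTOR // 32))
    return bytes(p ^ k for p, k in zip(data, ks))

def write_upper(lower, sector_no, plaintext):
    # A write to the unencrypted (upper) layer lands as ciphertext on the lower one.
    off = sector_no * SECTOR
    lower[off:off + SECTOR] = crypt_sector(KEY, sector_no, plaintext.ljust(SECTOR, b"\0"))

def entropy(block):
    # Shannon entropy of the byte histogram, in bits per byte.
    counts = [block.count(b) for b in set(block)]
    return -sum(c / len(block) * math.log2(c / len(block)) for c in counts)

def looks_written(lower, threshold=6.0):
    # Sector numbers whose byte entropy is high enough to pass for ciphertext.
    return [n for n in range(NSECTORS)
            if entropy(lower[n * SECTOR:(n + 1) * SECTOR]) > threshold]

def simulate(zero_fill_upper):
    lower = bytearray(SECTOR * NSECTORS)   # fresh disk: all zero bytes
    if zero_fill_upper:                    # like copying /dev/zero to the upper layer
        for n in range(NSECTORS):
            write_upper(lower, n, b"")
    for n in (0, 1, 2, 64):                # constructed "mkfs" metadata writes
        write_upper(lower, n, b"filesystem metadata")
    return looks_written(lower)

if __name__ == "__main__":
    print("no fill:  ", simulate(False))   # only the sectors that were used stand out
    print("zero fill:", simulate(True))    # every sector looks like ciphertext
```

Without the fill, the scan recovers exactly which sectors the upper layer touched; with the zero fill, used and unused sectors are indistinguishable by this measure.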
