> Von: Travis H. [mailto:[EMAIL PROTECTED] > > So on this page: > http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDevice > there is a suggestion that people fill the encrypted image of > a dm-crypt target with random data. Why? > [...] > I found the suggestion of using /dev/urandom to be far too > slow, as it produces 160 bits of output per SHA-1 > computation. I want to know if the fourth paragraph is > correct, that copying /dev/zero to the upper layer before > creating a file system would indeed provide the same > protection against whatever attack the "fill with random bits" > protects against.
What about using /dev/zero to fill the drive? Assuming that you configure dm-crypt to use a secure cipher and a reasonably good mode of operation, of course. Maybe use a key different from that you will use finally for the device. However, make sure that you do that before mkfs, otherwise all the non-user-writeable parts of the device (inode tables etc) will not be filled. Are there any problems with this? I would assume that when the crypto is good enough for my data, it should also hide all-zeroes, shouldn't it? Ulrich --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
