The problem there is that the whole section of unused space will match the encryption key that was used, something like 2^256 combinations; which isn't beyond a mega-corp or government profiling to recognize and then give them a reduced range of keys to attack to deduce the free-space.
One solution to this would be to randomly (/dev/random one byte at a time) decide either what value to fill a block of a given size with or to use /dev/zero or tr ( http://mail-index.netbsd.org/netbsd-users/2002/05/08/0006.html ) ( tr '\0' '\377' </dev/zero | dd ... ) My first attempt had somewhat good results; when running DD, but was in-efficient otherwise. It had a wonderfully efficent operation during DD invocations, but was painfully slow in the operations around it; until I changed /dev/random to /dev/urandom (slightly less random, but probably still ok for this operation). Filled /dev/loop0 with 131105 blocks of data. real 0m37.842s user 0m16.445s sys 0m18.457s However that's 16 times slower than directly 'dd'ing /dev/zero. Next modification increasing the block size to 32k: Filled /dev/loop0 with 2148 blocks of data. real 0m1.304s user 0m0.572s sys 0m0.544s Yes, -that- works well. Please note, this assumes dd will fail operation at EOF; that won't occur when testing with a normal file. #!/bin/sh # Use bash for $RANDOM; however this now works in dash (using od and awk in addition to echo and dd) ### sdXn, raid, and lvm all have different sys-fs schemes, Either expand to force the user to specify. RANDOM=/dev/urandom BLOCK_SIZE=32k DEV=${1} #SIZE=${2} POS=0 BLOCK_C=0 true while [ "$?" = "0" ] do POS=$(($POS + $BLOCK_C)) BLOCK_C=$(( $( od -N1 -tu1 $RANDOM | awk '$2{print $2}' ) + 1 )) BLOCK_V=$( od -N1 -tu1 $RANDOM | awk '$2{print $2}' ) if [ "${#BLOCK_V}" = 0 ] then dd if=/dev/zero of=$DEV bs=$BLOCK_SIZE count=$BLOCK_C seek=$POS > /dev/null 2>&1 else tr '\0' \\$BLOCK_V < /dev/zero | dd of=$DEV bs=$BLOCK_SIZE count=$BLOCK_C seek=$POS > /dev/null 2>&1 fi done POS=$(($POS + $BLOCK_C)) echo "Filled $DEV with $POS blocks of data."
