methods of filling encrypted disks

Ben Laurie ben at algroup.co.uk
Sun Feb 5 13:49:42 EST 2006


Travis H. wrote:
> So on this page:
> http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDevice
> there is a suggestion that people fill the encrypted image of a
> dm-crypt target with random data.  Why?
> 
> I assume this is because making the filesystem on the unencrypted
> (upper) layer will only write to a small portion of the overall disk
> space.  Presumably then the apparently non-random blocks on the
> encrypted (lower) layer then represent areas unwritten to on the
> unencrypted layer.  What else is leaked by not filling the lower layer
> with random data before creating and formatting the upper?

You want to not advertise the size of your encrypted data to the Bad
Guy, because then the Bad Guy doesn't know when he's hit you enough to
get you to reveal all your data. Assuming, that is, you actually want to
keep it secret. If you'd prefer not to be hit, being able to prove you
decrypted everything might be a good idea.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
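The leak discussed in this thread, as an added example that is not part of the original posts: a block-level entropy scan of the lower (encrypted) layer shows which blocks were ever written unless the device was pre-filled with random data. The 4096-byte block size, the 7.0 bits/byte threshold and the SHA-256 counter stream standing in for dm-crypt ciphertext are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed analysis granularity (not from the thread)

def entropy_bits_per_byte(block: bytes) -> float:
    """Shannon entropy of the byte histogram of one block."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def written_map(image: bytes, threshold: float = 7.0) -> list:
    """True for blocks that look like ciphertext, False for blank-looking ones."""
    return [entropy_bits_per_byte(image[i:i + BLOCK]) >= threshold
            for i in range(0, len(image), BLOCK)]

def fake_ciphertext(label: bytes, length: int) -> bytes:
    """Constructed stand-in for cipher output: SHA-256 in counter mode."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(label + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])

def build_image(total_blocks: int, used_blocks: set, prefilled: bool) -> bytes:
    """Constructed lower-layer image: used blocks hold ciphertext, the rest
    is zeros (no pre-fill) or random-looking data (pre-filled)."""
    blocks = []
    for i in range(total_blocks):
        if i in used_blocks:
            blocks.append(fake_ciphertext(b"data%d" % i, BLOCK))
        elif prefilled:
            blocks.append(fake_ciphertext(b"fill%d" % i, BLOCK))
        else:
            blocks.append(bytes(BLOCK))
    return b"".join(blocks)

def apparent_usage(image: bytes) -> tuple:
    """(blocks that look written, total blocks) as seen from the lower layer."""
    m = written_map(image)
    return sum(m), len(m)

if __name__ == "__main__":
    used = {0, 1, 2, 17, 18, 40}  # constructed layout of written blocks
    for prefilled in (False, True):
        w, t = apparent_usage(build_image(64, used, prefilled))
        print(f"prefilled={prefilled}: {w}/{t} blocks look written")
```

Without the pre-fill the scan recovers exactly the six written blocks; with it, every block looks written and the amount of real data is no longer visible.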


