On 3/06/2014 6:58 AM, John Hasler wrote:
> Andrew McGlashan writes:
>> Yes, maybe so, but these are brand new 4TB drives that haven't had any
>> other data on them before (factory fresh). I've done badblock testing
>> on them as a first step after removing them from their new packaging
>> and so far, they haven't seen any data other than encrypted data
>
> And therefore it will be easy for an adversary to tell which blocks have
> data on them and which have yet to be used. Write the entire disk over
> with random data before starting to use it and an adversary will have to
> try to decrypt every block without knowing whether it's something you
> encrypted or just random numbers.

I don't believe that is right. As the drive is under LUKS /control/ with crypt using my key ... when I write /dev/zero across the whole volume, then it can not be determined where any of the real data is. The drive does not get a bunch of zeroes stored, it gets crypted zeroes and the resulting data differs across the disk according to the key use and cipher choice.

If I am wrong, then it will be necessary to write random data across the disk before use instead of /dev/zero ... but that will take a great deal of time, if it's needed though, I'll do it.

Cheers
A.
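
The point under discussion can be checked on the raw device after a fill: any sector that still reads back as low-entropy data marks space the encrypted mapping never wrote. The following is an added example, not part of the original message; it assumes never-written sectors read back as zeros, uses `os.urandom` as a stand-in for dm-crypt ciphertext, and the function names and sample layouts are constructed for illustration.

```python
import io
import math
import os
from collections import Counter

SECTOR = 4096      # scan granularity in bytes (assumption)
THRESHOLD = 7.0    # bits per byte; random 4 KiB blocks measure about 7.95

def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def unwritten_sectors(stream, sector=SECTOR, threshold=THRESHOLD):
    """Return indices of sectors that do not look like ciphertext."""
    found, index = [], 0
    while True:
        block = stream.read(sector)
        # Stop at end of data; a short trailing block is ignored because
        # its entropy is capped by its length and would be misreported.
        if len(block) < sector:
            return found
        if entropy(block) < threshold:
            found.append(index)
        index += 1

def constructed_image(layout: str) -> bytes:
    """Constructed sample image: 'C' = ciphertext-like sector, '0' = never written."""
    return b"".join(os.urandom(SECTOR) if ch == "C" else bytes(SECTOR)
                    for ch in layout)

if __name__ == "__main__":
    partial = constructed_image("CCC00C00")   # mapping used, but never filled
    filled = constructed_image("CCCCCCCC")    # zeros written through the mapping
    print("partly used disk:", unwritten_sectors(io.BytesIO(partial)))
    print("after full fill: ", unwritten_sectors(io.BytesIO(filled)))
```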

