--
Greg Freemyer
On Tue, May 27, 2014 at 10:29 AM, Jeff Mahoney
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 5/27/14, 10:22 AM, Arvin Schnell wrote:
On Tue, May 27, 2014 at 10:11:02AM -0400, Jeff Mahoney wrote:
A lot of (if not most) SSDs set trimmed sectors to all nulls.
Doing that on an encrypted partition would allow a cracker to identify encrypted data from encrypted garbage. That is not a good thing, especially if the partition is significantly underfilled. Ie a drive with only 10% utilization would have 90% nulls, so you have drastically simplified life for an attacker.
Wouldn't that also imply that anyone using an encrypted partition should also fill it with random data prior to using it?
Otherwise an attacker can definitely see how full the filesystem is.
I'm not saying it's an invalid argument -- I'm just saying that nobody is doing it.
I've mostly been using TrueCrypt containers recently. When you create a TrueCrypt container you choose between dynamic and regular. A dynamic container starts small and grows as you add data. A regular container is created full size. If you go with a regular container, the container is filled with encrypted random garbage at the creation of the container. If you use truecrypt with partitions / devices, then there is a quick format option. If you don't use quick format, truecrypt will fill the partition / device with encrypted garbage as part of the formatting process. I don't know what luks / cryptsetup does when it formats a partition. Greg -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org