
Re: [partman-crypto] Trying to understand crypto_do_wipe ( )



On Mon, Sep 8, 2008 at 1:03 AM, David Härdeman <david@hardeman.nu> wrote:
>
> crypto_wipe_device() will first set up a crypt-device using a random
> passphrase, then write data to the crypted device. After that is done, the
> crypt-device is unmounted and the key is effectively lost and
> forgotten...the result should be indistinguishable from "truly" random data
> for all practical purposes.

Many thanks for the fast reply. I completely misread what those lines
did and am most grateful for your clear explanation. I would never
have come up with this elegant way of wiping the disk. It makes a lot
more sense to me than the various accounts I found of using the
badblocks utility for that.

If I may ask one more question, slightly tangential, just to check if
I get it now: when I'm setting up a new crypt-device manually, it
should be ok to wipe the disk *after* setting up the crypt_device with
the actual passphrase we will be using with it later, is that right?
Or would there still be any benefit in doing it beforehand with a
temporary crypt-device with a different (perhaps random) passphrase?
(If I understand well, the former should be fine assuming that there
are no weaknesses in the encryption scheme).

Thanks again,
Yung-Chin
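
The wipe procedure described in the quoted text, written out as an added example that is not part of the original message and is not partman-crypto's own code. It assumes the `cryptsetup` command-line tool in plain mode with the `aes-xts-plain64` cipher; the `DRY_RUN` variable, the `run` helper, the function name and the mapping name are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not partman-crypto code). Fill a block device with
# random-looking data by writing zeros through a throwaway dm-crypt mapping.
# DRY_RUN and the mapping name are hypothetical names chosen for this sketch.

run() {
    # Print the command; execute it only when DRY_RUN is not 1.
    echo "+ $*"
    [ "${DRY_RUN:-0}" = 1 ] || "$@"
}

wipe_with_throwaway_key() {
    dev=$1
    name="wipe_$$"    # temporary mapping name, unique per process
    if [ -z "$dev" ]; then
        echo "usage: wipe_with_throwaway_key <block-device>" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" != 1 ] && [ ! -b "$dev" ]; then
        echo "$dev is not a block device" >&2
        return 1
    fi

    # 1. Plain dm-crypt mapping keyed straight from /dev/urandom. The key
    #    lives only in kernel memory and is never written to the disk.
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$dev" "$name" || return 1

    # 2. Write zeros through the mapping; the disk receives their ciphertext.
    #    dd stops with "No space left on device" when the device is full, so
    #    its non-zero exit status is expected and must not skip the close.
    run dd if=/dev/zero of="/dev/mapper/$name" bs=1M || true

    # 3. Flush, then remove the mapping. The key is gone with it.
    run sync
    run cryptsetup close "$name"
}
```

With `DRY_RUN=1` the function only prints the commands; a real run needs root and overwrites the whole device.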

