
Re: cryptsetup problem



On 3/06/2014 6:58 AM, John Hasler wrote:
> Andrew McGlashan writes:
>> Yes, maybe so, but these are brand new 4TB drives that haven't had any
>> other data on them before (factory fresh).  I've done badblock testing
>> on them as a first step after removing them from their new packaging
>> and so far, they haven't seen any data other than encrypted data
> 
> And therefore it will be easy for an adversary to tell which blocks have
> data on them and which have yet to be used.  Write the entire disk over
> with random data before starting to use it and an adversary will have to
> try to decrypt every block without knowing whether it's something you
> encrypted or just random numbers.

I don't believe that is right.  As the drive is under LUKS /control/
with crypt using my key ... when I write /dev/zero across the whole
volume, then it can not be determined where any of the real data is.
The drive does not get a bunch of zeroes stored, it gets crypted zeroes
and the resulting data differs across the disk according to the key use
and cipher choice.

If I am wrong, then it will be necessary to write random data across the
disk before use instead of /dev/zero ... but that will take a great deal
of time. If it's needed though, I'll do it.

Cheers
A.
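
An added example, not part of the original message: a Python sketch of the check behind the point debated above, classifying each sector of a raw device or image as blank, random-like or structured, so a fill pass can be verified to have left nothing distinguishable. The 4096-byte granularity, the 7.0 bits/byte threshold, the function names and the sample images (SHA-256 output standing in for ciphertext) are assumptions constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

SECTOR = 4096  # scan granularity chosen for this sketch (assumption)


def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, up to 8.0."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify(block: bytes, threshold: float = 7.0) -> str:
    if block.count(0) == len(block):
        return "blank"        # never written since the factory
    if entropy(block) >= threshold:
        return "random-like"  # ciphertext or random fill
    return "structured"       # plaintext or a repeating pattern


def scan(stream, sector: int = SECTOR) -> dict:
    """Classify every sector of a raw device or image opened in binary mode."""
    report = {"blank": 0, "random-like": 0, "structured": 0, "distinguishable": []}
    offset = 0
    while block := stream.read(sector):
        kind = classify(block)
        report[kind] += 1
        if kind != "random-like":
            report["distinguishable"].append(offset)  # stands out from ciphertext
        offset += len(block)
    return report


def fake_ciphertext(index: int, size: int = SECTOR) -> bytes:
    """Constructed stand-in for an encrypted sector (SHA-256 over a counter)."""
    return b"".join(
        hashlib.sha256(b"sample|%d|%d" % (index, i)).digest() for i in range(size // 32)
    )


def sample_image(written: set, sectors: int = 8) -> bytes:
    """Constructed image: listed sectors hold ciphertext, the rest stay zero."""
    return b"".join(
        fake_ciphertext(i) if i in written else bytes(SECTOR) for i in range(sectors)
    )


if __name__ == "__main__":
    print(scan(io.BytesIO(sample_image({0, 1, 5}))))       # partly used fresh drive
    print(scan(io.BytesIO(sample_image(set(range(8))))))   # whole device filled
```

To check a real disk, pass `scan()` the underlying block device (not the opened crypt mapping) opened with `open(path, "rb")`; an empty `distinguishable` list means no sector stands apart from ciphertext.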

