Randomizing LUKS Partition

wswartzendruber · Posted: Fri Apr 17, 2009 10:33 pm Post subject: Randomizing LUKS Partition

Instead of,

Sadako · Posted: Fri Apr 17, 2009 11:11 pm Post subject:

You've got the right idea, but what's better is to actually create a random cryptsetup mapping first, with a completely random key, like so;

Hu · Administrator Joined: 06 Mar 2007 Posts: 23091

Zeroing the plaintext volume encrypted by your longterm master key is probably not a good idea. You are better off having the unused regions be truly random, or at least filled with data encrypted by a different key, as suggested by Hopeless.

If the attacker knows an area decrypts to all zeroes, then applying a brute force attack is a bit easier, since he only needs to find a key+IV that produces an all zero output, as opposed to analyzing the output to see if it looks plausible for a filesystem. However, with a good key and a good algorithm free from design weaknesses, such an attack should still be impractical today.

nixnut · Posted: Sat Apr 18, 2009 10:05 am Post subject:

Moved from Installing Gentoo to Networking & Security.
not about getting gentoo installed, so moved here
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand

wswartzendruber · Posted: Sat Apr 18, 2009 10:34 am Post subject:

I was COMPLETELY drunk when I posted this and forgot all about it.

Anyway, thanks.
_________________
Git has obsoleted SVN.
10mm Auto has obsoleted 45 ACP.