LinuxQuestions.org
Old 11-28-2008, 03:18 PM   #1
exceed1
Member
 
Registered: Mar 2008
Location: oslo
Distribution: debian,redhat
Posts: 199

Rep: Reputation: 31
Why does overwriting the disk with random data slow down attacks on encryption ?


Hi

I've read some articles about encrypting a disk/partitions with dm-crypt and LUKS. I see that all articles say that you should overwrite the partition/disk to slow down attacks on the encryption. Can someone tell me how this slows down encryption? Wouldn't the disk also be very fragmented so it would perform worse? Maybe that's one of the downsides of having encryption?

Thanks for all help.
 
Old 11-28-2008, 04:42 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by exceed1
I've read some articles about encrypting a disk/partitions with dm-crypt and LUKS. I see that all articles say that you should overwrite the partition/disk to slow down attacks on the encryption. Can someone tell me how this slows down encryption? Wouldn't the disk also be very fragmented so it would perform worse? Maybe that's one of the downsides of having encryption?
It makes it extremely difficult for the bad guy to know how much actual data resides on the disk.

I don't see how random overwrites prior to formatting could decrease performance.

Last edited by win32sux; 11-28-2008 at 04:44 PM.
 
Old 11-28-2008, 05:07 PM   #3
exceed1
Member
 
Registered: Mar 2008
Location: oslo
Distribution: debian,redhat
Posts: 199

Original Poster
Rep: Reputation: 31
Thanks for answering, win32sux. Do you know how strong this encryption is? I mean, who could break this kind of encryption when the disk has been overwritten with random data? Would hackers be able to break it? I recently saw an article where some security specialists had cracked several encryption tools (like dm-crypt and many others, for example TrueCrypt) where the weakness was that the data was stored in RAM too long and they could read it from there when the computer was turned off or something. They cooled down the RAM chips so the information wouldn't disappear from RAM as fast as it used to, or something like that. Does that mean that the encryption is now easy to break? (ref. this article: http://www.eff.org/press/archives/2008/02/21-0 )

I'm also wondering how strong the encryption is when using the badblocks program or the shred/wipe command to generate random data on a partition compared to using /dev/random or /dev/urandom. How big of a difference is it? What about when no random data has been written to the partition(s) before adding encryption with cryptsetup, for example? How strong or weak would it be compared to when you are writing random data on the partitions? Would it be easy to break?

Last edited by exceed1; 11-28-2008 at 05:14 PM.
 
Old 11-28-2008, 05:46 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by exceed1
Thanks for answering, win32sux. Do you know how strong this encryption is? I mean, who could break this kind of encryption when the disk has been overwritten with random data? Would hackers be able to break it? I recently saw an article where some security specialists had cracked several encryption tools (like dm-crypt and many others, for example TrueCrypt) where the weakness was that the data was stored in RAM too long and they could read it from there when the computer was turned off or something. They cooled down the RAM chips so the information wouldn't disappear from RAM as fast as it used to, or something like that. Does that mean that the encryption is now easy to break? (ref. this article: http://www.eff.org/press/archives/2008/02/21-0 )
This weakness affects ALL encryption tools, as they all need to have the key available somewhere in order to decrypt data. The cold boot attack isn't a way to crack encryption, it's just one way for a bad guy to obtain the encryption key without your authorization. Another way he could obtain the key could be to make a copy of the USB flash drive where you have it stored while you aren't looking, or using a rubber hose to beat the key out of you.

Quote:
I'm also wondering how strong the encryption is when using the badblocks program or the shred/wipe command to generate random data on a partition compared to using /dev/random or /dev/urandom. How big of a difference is it? What about when no random data has been written to the partition(s) before adding encryption with cryptsetup, for example? How strong or weak would it be compared to when you are writing random data on the partitions? Would it be easy to break?
Overwriting a drive with random data before doing your encryption doesn't make the encryption any stronger. It's still exactly the same encryption, and exactly as strong. What it gets you is a reduction in the amount of information the bad guy has about your data.

Last edited by win32sux; 11-28-2008 at 06:31 PM.
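
The point made in posts #2 and #4, as an added illustration that is not part of the original thread: on a zero-filled disk, the blocks holding ciphertext stand out by their entropy, so anyone reading the raw device can count them; after a random pre-fill every block looks the same. The block size, entropy threshold, function names and the modelling of ciphertext as seeded pseudo-random bytes are assumptions made for this sketch.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # bytes per block (constructed value for this demo)


def entropy(block: bytes) -> float:
    """Shannon entropy of a block, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def pseudo_random(rng: random.Random, n: int) -> bytes:
    """Seeded stand-in for ciphertext or for /dev/urandom output."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_disk(total_blocks, used_blocks, prefill_random, seed=1):
    """Constructed raw device: `used_blocks` blocks hold ciphertext, the
    rest hold whatever the disk was filled with before encryption."""
    rng = random.Random(seed)
    used = set(rng.sample(range(total_blocks), used_blocks))
    disk = []
    for i in range(total_blocks):
        if i in used or prefill_random:
            disk.append(pseudo_random(rng, BLOCK))
        else:
            disk.append(bytes(BLOCK))  # untouched, zero-filled block
    return disk


def estimate_used(disk, threshold=7.0):
    """What an observer of the raw device can infer without the key:
    the number of blocks that look like ciphertext."""
    return sum(1 for b in disk if entropy(b) > threshold)


if __name__ == "__main__":
    zero_disk = build_disk(64, 10, prefill_random=False)
    rand_disk = build_disk(64, 10, prefill_random=True)
    print("zero-filled disk, blocks that look used:", estimate_used(zero_disk))
    print("random-filled disk, blocks that look used:", estimate_used(rand_disk))
```

The cipher and key are identical in both cases; only the observer's estimate of how much data is present changes.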
 
Old 11-29-2008, 12:22 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Oh, and BTW, it (total random overwrite) also reduces the possibility that files which were resident on the drive prior to encryption will be recoverable via forensics after the drive is freshly formatted and the encryption layer is activated. This is probably of much greater importance for most people than making the amount of encrypted data unknown.
 
  

