Old 08-26-2019, 09:50 PM   #1
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Before encrypting a new hdd with LUKS, is there any point in first inputting random data/zeros?


Before encrypting a "new" hdd with LUKS, is there any point in first inputting random data/zeros - "ON THE ENTIRE DRIVE"?

I've heard that it is possible for someone who steals the disk to copy and/or read the contents inside "without" the passphrase and that by having the entire disk filled with data, it makes it more difficult for them to do it.

The downside is that it takes a lot of time to encrypt the drive this way, like days.

This drive will NOT have an OS; it will have 1 partition, mainly docs.

Last edited by hddfsck; 08-26-2019 at 09:52 PM.
 
Old 08-26-2019, 11:48 PM   #2
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 20,181

No. This has been discussed here before.
Who are you hiding your docs from, the NSA? You need to be aware of what your exposure is.

I believe the argument for was to ensure no previous data (that might be replicated) could induce patterns (after encryption) that might assist a bad guy. New disk, who cares ... even for a pre-used disk I wouldn't do it.
Unscientific, unproven opinions only.
 
Old 08-27-2019, 03:25 AM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 18,398
Blog Entries: 12

Quote:
Originally Posted by hddfsck View Post
Before encrypting a "new" hdd with LUKS, is there any point in first inputting random data/zeros
new? as in, never written to? in other words, no (personal) data?
 
Old 08-27-2019, 01:18 PM   #4
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by ondoho View Post
new? as in, never written to? in other words, no (personal) data?
yes
 
Old 08-27-2019, 01:45 PM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,592

If you don't fill the space with random data, then the patches of random-appearing data on the drive are a hint about the sizes of the files stored there. If you are encrypting an SSD and plan to use "trim" to improve performance, then filling with random data is pointless because blocks will be cleared by the trim operation and come back as all-zero when next used.

Note that if you are encrypting a laptop and plan to travel internationally, you might be challenged to provide a decryption key for what is actually that random data.
 
Old 08-27-2019, 01:47 PM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 18,398
Blog Entries: 12

Quote:
Originally Posted by hddfsck View Post
yes
So what do you want to scrub then?
 
Old 08-27-2019, 08:02 PM   #7
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by rknichols View Post
If you don't fill the space with random data, then the patches of random-appearing data on the drive are a hint about the sizes of the files stored there. If you are encrypting an SSD and plan to use "trim" to improve performance, then filling with random data is pointless because blocks will be cleared by the trim operation and come back as all-zero when next used.

Note that if you are encrypting a laptop and plan to travel internationally, you might be challenged to provide a decryption key for what is actually that random data.
Thanks. First, it may be worth noting that "this" hdd will be solely external and not likely to be connected to my computer when I am online. My concern is solely about someone stealing it and trying to open it and see everything I could see. Secondly, it is hdd, not ssd. I do travel internationally, but the hdd would likely be outside of the computer - don't know if that makes a difference. If the hdd is external and TSA asks for decryption key, then I would have to stop everything and connect it to an enclosure and then connect the enclosure to the computer; not really a huge deal.

Why would anyone care if someone knew the sizes of the files stored on the hdd?

I read the following - it's interesting...:
"Filling the disk with random data prior to encrypting it will supposedly make it harder for the attacker to perform any cryptanalysis. Most sources seem to state this is because it will be harder for the attacker to determine what data is actually encrypted (and which is just random garbage)." "Really anything that reduces entropy makes the encryption weaker though, so having a random background is more secure overall." "The recent attacks such as BEAST on AES-CBC might make it practical, but it really depends on the mode of operation." "BEAST, which is an exploit of a weakness of CBC-based encryption when the IV is predictable by an attacker who can do a chosen-plaintext attack."

Thanks again.
 
Old 08-27-2019, 08:04 PM   #8
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by ondoho View Post
So what do you want to scrub then?
Nothing, rather, the question is about whether or not my encryption will be stronger if I filled the empty drive with random data or zeros before I added the data to the hdd.
 
Old 08-27-2019, 08:06 PM   #9
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by rknichols View Post
If you don't fill the space with random data, then the patches of random-appearing data on the drive are a hint about the sizes of the files stored there. If you are encrypting an SSD and plan to use "trim" to improve performance, then filling with random data is pointless because blocks will be cleared by the trim operation and come back as all-zero when next used.

Note that if you are encrypting a laptop and plan to travel internationally, you might be challenged to provide a decryption key for what is actually that random data.
...I have 2-3 good articles about this if you would like the links.
 
Old 08-27-2019, 10:57 PM   #10
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,592

Quote:
Originally Posted by hddfsck View Post
Why would anyone care if someone knew the sizes of the files stored on the hdd?
It's an information leak -- a small one, but still a leak. People who are serious about cryptography seek to close all the leaks. In the WW II German Enigma machine, a letter could never encrypt as itself, and that little leak played a huge role in cracking the encoding.
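
The leak rknichols describes in posts #5 and #10, as an added example that is not part of the original thread: a per-block entropy scan of the raw data area shows where ciphertext was written when the background is zeros, and shows nothing once the background is random. The image, the file layout in `FILES`, the 4096-byte block size and the 7.0 threshold are constructed assumptions, and `os.urandom` stands in for LUKS ciphertext.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # analysis granularity in bytes (assumed; any sector multiple works)

def entropy(block):
    """Shannon entropy in bits per byte: 0.0 for all-zero, close to 8 for ciphertext."""
    n = len(block)
    return sum(-c / n * math.log2(c / n) for c in Counter(block).values())

def looks_written(image, threshold=7.0):
    """One flag per block: True where the raw bytes look like ciphertext."""
    return [entropy(image[i:i + BLOCK]) >= threshold
            for i in range(0, len(image), BLOCK)]

def extents(flags):
    """Collapse the flags into (start_block, block_count) runs of True."""
    runs, start = [], None
    for i, flag in enumerate(list(flags) + [False]):
        if flag and start is None:
            start = i
        elif not flag and start is not None:
            runs.append((start, i - start))
            start = None
    return runs

def build_image(total_blocks, files, prefill_random):
    """Constructed sample of a LUKS data area as read without the passphrase.
    files is a list of (start_block, block_count); os.urandom stands in for
    ciphertext, which is indistinguishable from random bytes without the key."""
    background = os.urandom(total_blocks * BLOCK) if prefill_random \
        else bytes(total_blocks * BLOCK)
    image = bytearray(background)
    for start, count in files:
        image[start * BLOCK:(start + count) * BLOCK] = os.urandom(count * BLOCK)
    return bytes(image)

FILES = [(10, 3), (40, 25)]  # constructed layout: a 12 KiB and a 100 KiB file

if __name__ == "__main__":
    for prefill in (False, True):
        image = build_image(100, FILES, prefill)
        print("random prefill" if prefill else "zero background",
              extents(looks_written(image)))
```

On a device where trim is in use, discarded blocks read back as zeros, so the first map reappears even after a random fill.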
 
Old 08-27-2019, 11:32 PM   #11
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,892

Question

Quote:
Originally Posted by hddfsck View Post
Nothing, rather, the question is about whether or not my encryption will be stronger if I filled the empty drive with random data or zeros before I added the data to the hdd.
Does your data really require a hard drive? Or will a small USB thumbdrive do?

If a thumbdrive will do, then I guess it will be easier to keep it with you as you go. You don't have to worry about someone stealing it since you can just keep it in your pocket and make sure it doesn't drop or get pickpocketed.

As for your encryption, I guess there is no such thing as "cannot be decrypted"; if someone is really interested in your data, one way or another they will break it.

Last edited by JJJCR; 08-27-2019 at 11:32 PM. Reason: edit
 
Old 08-28-2019, 01:02 AM   #12
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by rknichols View Post
It's an information leak -- a small one, but still a leak. People who are serious about cryptography seek to close all the leaks. In the WW II German Enigma machine, a letter could never encrypt as itself, and that little leak played a huge role in cracking the encoding.
Just so you know, I posted 3 more things to you above - don't know if you saw them. Thanks.
 
  

