Why does overwriting the disk with random data slow down attacks on encryption?
Hi
I've read some articles about encrypting a disk/partitions with dm-crypt and LUKS. I see that all articles say that you should overwrite the partition/disk to slow down attacks on the encryption. Can someone tell me how this slows down encryption? Wouldn't the disk also be very fragmented so it would perform worse? Maybe that's one of the downsides of having encryption?
Quote:
I've read some articles about encrypting a disk/partitions with dm-crypt and LUKS. I see that all articles say that you should overwrite the partition/disk to slow down attacks on the encryption. Can someone tell me how this slows down encryption? Wouldn't the disk also be very fragmented so it would perform worse? Maybe that's one of the downsides of having encryption?
It makes it extremely difficult for the bad guy to know how much actual data resides on the disk.
I don't see how random overwrites prior to formatting could decrease performance.
Thanks for answering win32sux. Do you know how strong this encryption is, I mean who could break this kind of encryption when the disk has been overwritten with random data, would hackers be able to break it? I recently saw an article where some security specialists had cracked several encryption tools (like dm-crypt and many others, like for example TrueCrypt) where the weakness was that the data was stored in RAM too long and they could read it from there when the computer was turned off or something.. they cooled down the RAM chips so the information wouldn't disappear in RAM as fast as it used to, or something like that.. does that mean that the encryption is now easy to break? (ref. this article: http://www.eff.org/press/archives/2008/02/21-0 )
I'm also wondering how strong the encryption is when using the badblocks program or the shred/wipe command to generate random data on a partition compared to using /dev/random or /dev/urandom. How big of a difference is it? What about when no random data has been written to the partition(s) before adding encryption with cryptsetup for example, how strong or weak would it be compared to when you are writing random data on the partitions, would it be easy to break?
Quote:
Thanks for answering win32sux. Do you know how strong this encryption is, I mean who could break this kind of encryption when the disk has been overwritten with random data, would hackers be able to break it? I recently saw an article where some security specialists had cracked several encryption tools (like dm-crypt and many others, like for example TrueCrypt) where the weakness was that the data was stored in RAM too long and they could read it from there when the computer was turned off or something.. they cooled down the RAM chips so the information wouldn't disappear in RAM as fast as it used to, or something like that.. does that mean that the encryption is now easy to break? (ref. this article: http://www.eff.org/press/archives/2008/02/21-0 )
This weakness affects ALL encryption tools, as they all need to have the key available somewhere in order to decrypt data. The cold boot attack isn't a way to crack encryption, it's just one way for a bad guy to obtain the encryption key without your authorization. Another way he could obtain the key could be to make a copy of the USB flash drive where you have it stored while you aren't looking, or using a rubber hose to beat the key out of you.
Quote:
I'm also wondering how strong the encryption is when using the badblocks program or the shred/wipe command to generate random data on a partition compared to using /dev/random or /dev/urandom. How big of a difference is it? What about when no random data has been written to the partition(s) before adding encryption with cryptsetup for example, how strong or weak would it be compared to when you are writing random data on the partitions, would it be easy to break?
Overwriting a drive with random data before doing your encryption doesn't make the encryption any stronger. It's still exactly the same encryption, and exactly as strong. What it gets you is a reduction in the amount of information the bad guy has about your data.
Oh, and BTW, it (total random overwrite) also reduces the possibility that files which were resident on the drive prior to encryption will be recoverable via forensics after the drive is freshly formatted and the encryption layer is activated. This is probably of much greater importance for most people than making the amount of encrypted data unknown.
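The information leak discussed in the answers above, as an added example that is not part of the original thread: on a blank disk, anyone holding the raw device can count and locate the sectors written through the encryption layer without any key, while after a random overwrite every sector looks the same. The sector size, the layout and the use of `os.urandom` as a stand-in for ciphertext are assumptions of this constructed model.

```python
import os
import random

SECTOR = 512  # bytes per sector in this constructed model


def make_image(total, used, prefill_random):
    """Raw view of a partition after an encryption layer has been set up on it.

    Sectors written through the layer look like random bytes (os.urandom is
    an assumed stand-in for ciphertext). Sectors never written keep what the
    disk held before: zeros on a blank disk, random bytes after an overwrite.
    """
    sectors = []
    for i in range(total):
        if i in used or prefill_random:
            sectors.append(os.urandom(SECTOR))
        else:
            sectors.append(bytes(SECTOR))
    return b"".join(sectors)


def visible_written_sectors(image):
    """Indexes of sectors that are not one repeated byte value.

    This needs no key: it is what anyone holding the raw device can see.
    """
    found = []
    for index in range(len(image) // SECTOR):
        sector = image[index * SECTOR:(index + 1) * SECTOR]
        if len(set(sector)) > 1:
            found.append(index)
    return found


def compare(total=2048, used_count=300, seed=1):
    """Return (really written, visible on blank disk, visible after prefill)."""
    used = set(random.Random(seed).sample(range(total), used_count))
    blank = visible_written_sectors(make_image(total, used, False))
    filled = visible_written_sectors(make_image(total, used, True))
    return used, blank, filled


if __name__ == "__main__":
    used, blank, filled = compare()
    print("really written:", len(used))
    print("visible on blank disk:", len(blank))
    print("visible after random overwrite:", len(filled))
```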