[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-crypto
Subject:    Re: (AES) loopback crypto questions
From:       "peter k." <spam-goes-to-dev-null () gmx ! net>
Date:       2001-07-11 12:28:21
[Download RAW message or body]


----- Original Message -----
From: "Dale Amon" <amon@vnl.com>
To: <linux-crypto@nl.linux.org>
Sent: Wednesday, July 11, 2001 11:47 AM
Subject: Re: (AES) loopback crypto questions


> On Tue, Jul 10, 2001 at 10:38:00PM +0200, peter k. wrote:
> > 1) if an attacker has got some files which are on an (AES) encrypted
device,
> > will he be able to decrypt the whole device?
>
> It might help slightly, ie Known Plaintext Attack, but probably not a lot.
>
> > 2) is it a good idea to run "cat /dev/zero > zero.file; shred -uv
zero.file"
> > on (AES) encrypted devices to overwrite all free space with random data
[to
> > remove any encrypted data which is left from deleted files from the
device
> > behind the loopback device and confuse attackers]?
>
> Depends on your paranoia level. If you think your key was compromised
> you might do something like this; I don't see why'd you zero before
> shredding. Personally I prefer wipe. Slow, but fairly certain.

the cat /dev/zero is only used to get a file which is as big as the left
freespace on the device, i could also have used "cat /dev/urandom >
random.file; rm -f random.file" without shred but shred is much faster than
cat /dev/urandom ;)

> In the passed I zeroed my loopbacks; but I like the idea of using
/dev/random
> for the job... although the thought of doing that over 10-20GB gives me
> thoughts of going on vacation for 2 weeks while it runs.

isnt overwriting it with zero dangerous? or at least worse than random?

> > the brackets in "(AES)" mean that i'd like to know if the answer applies
to
> > AES only or also other cyphers (i guess so?)
>
> Depends on the size of the keyspace. I imagine you get more
> information from a known plaintext attack if the keyspace is
> smaller, ie as in DES-56 or other low quality cipher.



Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

[prev in list] [next in list] [prev in thread] [next in thread]