[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-crypto
Subject: Re: (AES) loopback crypto questions
From: "peter k." <spam-goes-to-dev-null () gmx ! net>
Date: 2001-07-11 12:28:21
[Download RAW message or body]
----- Original Message -----
From: "Dale Amon" <amon@vnl.com>
To: <linux-crypto@nl.linux.org>
Sent: Wednesday, July 11, 2001 11:47 AM
Subject: Re: (AES) loopback crypto questions
> On Tue, Jul 10, 2001 at 10:38:00PM +0200, peter k. wrote:
> > 1) if an attacker has got some files which are on an (AES) encrypted
device,
> > will he be able to decrypt the whole device?
>
> It might help slightly, ie Known Plaintext Attack, but probably not a lot.
>
> > 2) is it a good idea to run "cat /dev/zero > zero.file; shred -uv
zero.file"
> > on (AES) encrypted devices to overwrite all free space with random data
[to
> > remove any encrypted data which is left from deleted files from the
device
> > behind the loopback device and confuse attackers]?
>
> Depends on your paranoia level. If you think your key was compromised
> you might do something like this; I don't see why'd you zero before
> shredding. Personally I prefer wipe. Slow, but fairly certain.
the cat /dev/zero is only used to get a file which is as big as the left
freespace on the device, i could also have used "cat /dev/urandom >
random.file; rm -f random.file" without shred but shred is much faster than
cat /dev/urandom ;)
> In the passed I zeroed my loopbacks; but I like the idea of using
/dev/random
> for the job... although the thought of doing that over 10-20GB gives me
> thoughts of going on vacation for 2 weeks while it runs.
isnt overwriting it with zero dangerous? or at least worse than random?
> > the brackets in "(AES)" mean that i'd like to know if the answer applies
to
> > AES only or also other cyphers (i guess so?)
>
> Depends on the size of the keyspace. I imagine you get more
> information from a known plaintext attack if the keyspace is
> smaller, ie as in DES-56 or other low quality cipher.
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic