4

Most disk encryption guides recommend to overwrite the disk with random data before encryption, this is discussed here.

However the time this takes with the "standard" source of random data can be rather slow:

# dd if=/dev/urandom of=/dev/sdb1 bs=10M
29+1 records in
29+0 records out
304087040 bytes (304 MB) copied, 15.5476 s, 19.6 MB/s

On an encrypted device (specifically, with LUKS), are there any drawbacks when one just fills the encrypted partition with zeros?

# dd if=/dev/zero of=/dev/mapper/data bs=50M
1099+0 records in
1099+0 records out
57619251200 bytes (58 GB) copied, 306.091 s, 188 MB/s

The only problem I could see would be that if known-plaintext attacks surface, this method might give an attacker plenty of sample data to play with.

Community
  • 1
quazgar
  • 240
  • 1
  • 8

1 Answers1

5

Filling an encrypted volume with zeroes is the recommended method for overwriting a disk in the cryptsetup FAQ (section 2.19).

Use a throwaway key so that the resulting ciphertext no longer corresponds to a known plaintext under your actual key.

Vincent Yu
  • 218
  • 1
  • 6
  • Good point about using another key for this step! – quazgar Sep 14 '15 at 09:46
  • 2
    Just a question : what are the theoretical risks of using the same key as the encrypted data ? The attacker will not be able to tell that the data is in fact encrypted zeroes, as the disk is encrypted. – Hey Apr 02 '16 at 09:37
  • 1
    The Arch Linux Wiki has an [extensive article](https://wiki.archlinux.org/index.php/Securely_wipe_disk) about wiping storage devices. In particular, take a look at the [advanced dd example](https://wiki.archlinux.org/index.php/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example) in the Tips & Tricks. – Caleb Reister Aug 22 '17 at 04:16