On 3/08/2014 10:48 PM, Bzzzz wrote:
> On Sun, 03 Aug 2014 18:20:19 +1000
> I do not agree with that because using only zeros makes
> the result part predictable for the attacker: if he knows
> what you wrote, he has a (very) large part of the
> cryptanalysis done…
> This is 1.0.1 of cryptanalysis: if you know what's encrypted
> you'll know how it was done.

Yes, but the method of encryption used (aes-xts-plain64) does NOT lend itself to this kind of analysis.

The cryptsetup FAQ documentation covers my use of /dev/zero .... we've had this discussion before ;-)

https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#2._Setup

See step 6, there is an earlier write of /dev/zero at step 3, but I think that is pointless unless you don't do the optional one at step 6.

btw aes-xts-plain64 (for 2TB+ sized drives) is the default for version 1.6.0 onwards, but Debian stable is using version 1.4.3 at this time.

Just don't use defaults; case in point is using the CAST5 cipher for symmetric encryption with gpg ... what a joke that default is!

Cheers
A.