
#1 2019-01-02 15:51:53

tnek
Member
Registered: 2008-06-10
Posts: 40

Is there a reason to do a secure erase of partitions before setup?

When using dm-crypt/LUKS for a full disk encryption it's recommended to securely erase the entire drive before setup.

But what about when adding Arch to a multi boot setup?

I could create partitions over the unused parts and write random data to them and then go on with the installation.

Is there any benefit to doing that?

Offline

#2 2019-01-02 16:13:53

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: Is there a reason to do a secure erase of partitions before setup?

It is less about wiping (removal of old data) and more about ensuring that the whole area of encrypted volume is high-entropy data. The attacker should not be able to tell if one portion of the encrypted volume is different in any way from another one; if it contains real data or just garbage or encrypted zeros. Failing to ensure this will at least leak metadata. That may range from actually revealing an approximation of the encrypted data (that happened with ECB mode of operation, which was nicely encrypting data, but you can kinda say that “something smells on that encrypted picture”), through being used in correlation attacks, to making it impossible to use plausible deniability. And I remind you “we kill people based on metadata”.

The requirement applies to the area to be encrypted, not the whole drive. So on a multiboot medium with portions of it openly unencrypted, you do not erase the parts that have to stay unencrypted.

A minor side-effect to filling the medium with pseudorandom data is that you perform proof-of-space. If you have a 1TB medium, filling it with 1TB pseudorandom data will obviously reveal that something is wrong if it fails halfway through.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline
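
To make the point in post #2 concrete, here is an added example (not part of the original thread): a Python check that scans a raw image or block device for low-entropy extents, which are the regions that stand out when the area to be encrypted was not filled beforehand. The 4 KiB chunk size, the 7.5 bits/byte threshold and the sample images are assumptions; `os.urandom` stands in for ciphertext in the constructed samples.

```python
import io
import math
import os
from collections import Counter

CHUNK = 4096       # bytes per sampled block (assumed granularity)
THRESHOLD = 7.5    # bits/byte; random 4 KiB blocks measure about 7.95

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of one block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def low_entropy_extents(stream, threshold=THRESHOLD, chunk=CHUNK):
    """Return merged (start, end) byte ranges whose blocks fall below threshold."""
    extents, off = [], 0
    while block := stream.read(chunk):
        # A short trailing block cannot reach high entropy, so it is not judged.
        if len(block) == chunk and shannon_entropy(block) < threshold:
            if extents and extents[-1][1] == off:
                extents[-1] = (extents[-1][0], off + chunk)  # extend previous run
            else:
                extents.append((off, off + chunk))
        off += len(block)
    return extents

def constructed_images():
    """Constructed samples: one volume used without a prior fill, one filled first."""
    unfilled = os.urandom(6 * CHUNK) + bytes(10 * CHUNK)  # written area, then zeros
    filled = os.urandom(16 * CHUNK)                       # uniform high entropy
    return io.BytesIO(unfilled), io.BytesIO(filled)

if __name__ == "__main__":
    unfilled, filled = constructed_images()
    # The unfilled image exposes exactly where written data ends.
    print("not filled:", low_entropy_extents(unfilled))
    print("filled:    ", low_entropy_extents(filled))
```

On a real system the same function can be pointed at the partition opened in binary read mode after the fill completes; an empty result means no block in the area is distinguishable by entropy alone.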

#3 2019-01-02 18:20:12

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Is there a reason to do a secure erase of partitions before setup?

mpan wrote:

Failing to ensure this will at least leak metadata ... making it impossible to use plausible deniability

Note that with LUKS, there is already not much hope of plausible deniability, since the discovery of a LUKS header will reveal the existence of an encrypted drive.

Now, one could use the "--header" option to create a detached header and store it on some other device away from the actual encrypted data. However, it is not the default behaviour. Furthermore, when encrypting an entire system, it's also a bit inconvenient to have to plug in your USB stick or microSD card just to boot. And you could go to all that effort, just to have it rendered irrelevant when the USB stick could still be discovered anyway.

Which leads into the fact that if your threat model requires worrying about plausible deniability, then you are up against the sort of adversary who would be willing to surveil you for some time in advance, so they may well notice "oh, the target needs to plug in their USB stick every time they boot, so make sure to grab the USB stick".

In other words, I just wouldn't count on LUKS for plausible deniability in the first place. It is useful for protecting against casual theft. It is useful for being able to quickly dispose of drives without having to wipe them. Neither of those need PD.

As always, when deciding what security measures you require, you should first define what threat you want to protect against. Casual theft is relatively easy to protect against. If you're up against state-level adversaries, well, good luck with that.

Offline

#4 2019-01-03 21:58:18

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: Is there a reason to do a secure erase of partitions before setup?

You can quickly erase LUKS header with random data and claim there never was any encryption.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#5 2019-01-03 22:37:01

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247

Re: Is there a reason to do a secure erase of partitions before setup?

mpan wrote:

You can quickly erase LUKS header with random data and claim there never was any encryption.

That's some op sec right there lol

Offline
