Encrypted LVM - Logical Volume Manager

Discussion in 'Technical' started by melbo, Jan 30, 2012.

  1. melbo

    melbo Hunter Gatherer Administrator Founding Member

    So I've spent the last 2 weeks installing, testing, flushing and reinstalling an OS on my -soon to be- new primary laptop. Waiting on a couple of hardware upgrades so I have the extra time to try and fail and try again.

    Am currently setting up an encrypted LVM on my partitions. The test HDD I'm running all these tests on is a small 120GB drive that is leftover from an older system and it's taken the better part of 4 hours to write random data to prior to installing the encrypted system. (14 GB to go)

    Why write urandom data prior to installing a fully encrypted system that will only write encrypted (on the fly) data to the drive? I wondered the same thing but after researching - realized its the best way to go, even if it means that it might take 3 days on my new (large capacity drives) to complete the pre-process.

    Let's say (for example) that the encrypted LVM writes 'melbo' as h*7wl+we-eQs$Wl-9?.soe7!;

    [/B] Let's try to find melbo on a freshly formatted drive with lots of empty space on it, then on a zero'd out (OSX) drive and then on a drive that's been written with urandom:

    When your entire drive is filled with random garbage and then you write random garbage on top of it, it's tough to tell where your stuff starts and where it ends. Much tougher for any forensic recovery attempts.

    Link for my reference: </eqs$wl-9?.soe7!;
    Linux Mint Forums • View topic - Howto install LMDE with LVM (with or without encryption)
    Guit_fishN likes this.
  2. strunk

    strunk Monkey+

  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I use DBAN prior to either physically destroying HDDs or giving them away.
    I think that
    dd if=/dev/urandom of=/dev/sda2 bs=1M & sleep 5; while kill -USR1 ${!}; do sleep 60; done
    is a little stronger for this purpose given that we want urandom w/ salt.
  4. Redneck Rebel

    Redneck Rebel Monkey++

    Been monitoring this thread and doing some other reading on the subject. Very interesting stuff to say the least.
  5. TnAndy

    TnAndy Senior Member Founding Member

    They told me over at the VA hospital that "even paranoids have enemies"

survivalmonkey SSL seal        survivalmonkey.com warrant canary