Comment 3 for bug 646421

the problematic code in user-setup-apply is:

        if [ -n "$ENCRYPT_HOME_OPT" ] && [ -e $ROOT/etc/crypttab ]; then
                # Zero out all encrypted swap partitions. It is assumed that
                # passwords are not used beyond this point in the install.
                # cryptswap0 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
                # Ideally we would set up a new progress bar here, but we're
                # inside finish-install's and cdebconf doesn't support nested
                # progress bars.
                db_progress INFO user-setup/progress/wipe-swap
                while read name device source options; do
                        if echo "$options" | grep -q "swap"; then
                                if swapoff $device; then
                                        dd if=/dev/zero of=$device 2>/dev/null || true
                                fi
                        fi
                done < $ROOT/etc/crypttab
        fi

some testing for blockdevices and files (if [ -b $device ] ...) needs to be added here.
in case a file is detected, the size needs to be handed over to dd.