Re: Wiping a drive: /dev/zero or /dev/urandom better?

[Roman Fulop <ml () ensof1 trithem sk>]

AFAIK, /dev/urandom is pseudo-random generator, while /dev/random
generates random data from entropy pool. /dev/random blocks if there is
no entropy available, so i would not recommend it for overwriting disks.

Roman

Gaizka Isusquiza wrote:
> Hi!
>
> Depending on the disk nature(i.e: optical support, magnetic support)
> several aproximations can be done. Supposing that we're talking about
> magnetic devices, we must know/remember some basics that can spoil all
> our efforts if fogotten.
>
> Is not the same to logically remove data than do it physically.
>
> Remove data logically means that using software means, there is no
> access to data, neither data can be rebuilt. The problem is that due
> to magnetism, magnetic devices have some sort of 'memory', which turns
> out to be main reason to rewrite device with senseless data several
> times(last time I read about this a minimum of 7 times).
>
> When trying to generate senseless data, best way in Linux is using
> /dev/urandom. /dev/urandom seeds are more unpredictable than
> /dev/random, mainly because /dev/urandom uses more unpredictable
> devices as input (i.e: analogic microphone) than mouse movement, mouse
> position on the screen or key pressed, which helps getting a good seed
> needed when generating a pseudorandom output.
>
> Remove data physically means damaging/destroying physical devices.
> What we must know is that there are means of recovering data from
> magnetic devices even when devices have been seriously physically
> damaged because there is a need to recover data after impredictible
> catastrophes(i.e: fires, floods). But this means are usually too
> expensive to be used by most crackers.
>
> At this moment, best way to prevent a disk to be rebuilt is using some
> kind of strong acid. But as I said, impossible is nothing, it's all a
> matter of money(if the value of the info is less than the money needed
> to get it, it's not worth trying to recover it).
>
> I hope I explained myself.
>
> Regards,
> Gaizka
>
> 2008/10/14 JW <jw () mailsw com>:
> > I've got a theoretical question: when wiping a drive (I'm talking about Linux
> > here), which of the following is more: fill the drive with data
> > from /dev/zero or /dev/urandom?
> >
> > I ask because I often see people suggest something like the following for
> > wiping disks:
> >
> > cat /dev/zero > /dev/hda
> >
> > (and of course do it multiple times)
> >
> > I got to thinking that (if you are really paranoid) it would probably be
> > easier for "the bad guy" to recover original data if you use /dev/zero
> > because it's so uniform, the "bad guy" can just look for anything other then
> > zeros - if it's not zero, it's data.
> >
> > Which would imply that overwriting the data with /dev/urandom or /dev/random
> > would be more secure.
> >
> > But I don't know enough about the internals of hard drives to know if it
> > really matters or not.
> >
> > For clarity I'll point out that I'm not talking about wiping files in the
> > filesystem, I'm talking about wiping whole disks - I guess you'd say "at the
> > block level".
> >
> > What do the resident experts here think?
> >
> >        JW
> >
> > --
> >
> > ----------------------
> > System Administrator - Cedar Creek Software
> > http://www.cedarcreeksoftware.com