Security Basics mailing list archives
Re: Wiping a drive: /dev/zero or /dev/urandom better?
From: Yinka Adeosun <Yinka.Adeosun () noaa gov>
Date: Wed, 15 Oct 2008 18:21:12 -0400
JW, Hey, do it DoD style! There is a free software to blow it away; DBAN http://www.snapfiles.com/get/dban.html http://www.dban.org/ http://sourceforge.net/projects/dban/ Much better than degausser. Thanks, Yinka. Steve Armstrong wrote:
JW, We do a dd of /dev/random to the /dev/hda and then do a dd of /dev/nul to the same. While you can drop the random one (for speed and to be honest it is not really required), we always do a dev/nul wipe as when you cat the /dev/hda the line will return within the screen as there is nothing there. This way you get a quick understandable confirmation that the process completed correctly and was not interrupted mid flow. If we are doing a Gov system drive we use the like of Blancco that is approved to wipe drives. Steve A -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of JW Sent: Monday, October 13, 2008 11:47 PM To: security-basics () securityfocus com Subject: Wiping a drive: /dev/zero or /dev/urandom better? I've got a theoretical question: when wiping a drive (I'm talking about Linux here), which of the following is more: fill the drive with data from /dev/zero or /dev/urandom? I ask because I often see people suggest something like the following for wiping disks: cat /dev/zero > /dev/hda (and of course do it multiple times) I got to thinking that (if you are really paranoid) it would probably be easier for "the bad guy" to recover original data if you use /dev/zero because it's so uniform, the "bad guy" can just look for anything other then zeros - if it's not zero, it's data. Which would imply that overwriting the data with /dev/urandom or /dev/random would be more secure. But I don't know enough about the internals of hard drives to know if it really matters or not. For clarity I'll point out that I'm not talking about wiping files in the filesystem, I'm talking about wiping whole disks - I guess you'd say "at the block level". What do the resident experts here think? JW
Current thread:
- Re: Wiping a drive: /dev/zero or /dev/urandom better?, (continued)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Razi Shaban (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Ansgar Wiechers (Oct 16)
- R: Wiping a drive: /dev/zero or /dev/urandom better? Vega - Brunello Ivan (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Robert Larsen (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Morgan Reed (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Gaizka Isusquiza (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Roman Fulop (Oct 15)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Murda Mcloud (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Eric Kollmann (Oct 15)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Steve Armstrong (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Yinka Adeosun (Oct 16)
- Upptime report tools? Mattias Hemmingtsson (Oct 15)
- Re: Upptime report tools? Kevin Liang (Oct 16)
- RE: Upptime report tools? Lim, James (GTS Pac Rim) (Oct 16)
- Re: Upptime report tools? CJ (Oct 16)
- Re: Upptime report tools? Kevin Liang (Oct 16)
- Re: Upptime report tools? Kurt Buff (Oct 16)
- Message not available
- Webb statistics program Mattias Hemmingtsson (Oct 16)
- Message not available
- Re: Disclaimer Jerry (Oct 16)
- Re: Disclaimer Michael Condon (Oct 17)
- Message not available
- Message not available
- Security Audit & pen testing fnial report Michael Condon (Oct 20)
- RE: Security Audit & pen testing fnial report Richard Golodner (Oct 20)