Security Basics mailing list archives
Re: Wiping a drive: /dev/zero or /dev/urandom better?
From: "Craig Wright" <craig.steven.wright () gmail com>
Date: Wed, 15 Oct 2008 13:21:06 +1100
The simple answer is that it does not matter. A single wipe (done correctly) will make it infeasible for ANYONE (even governments) to recover information. If you go to the page: http://seclab.cs.sunysb.edu/iciss08/program.html There is a paper being presented: "Overwriting Hard Drive Data: The Great Wiping Controversy" Craig Wright, Dave Kleiman and Shyaam Sundhar R.S.. The paper details this issue. A few people have seen it already. It will be available (published) in Dec in the Springer Verglag LNCS series. We hope that this paper will finally put some of the silly myths to rest. Regards, Craig Wright GSE-Malware, GSE-Compliance On Wed, Oct 15, 2008 at 2:39 AM, Adriel Desautels <adriel () netragard com> wrote:
use dban, it works wonders. Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 ------------------------------------------------ Netragard, LLC - "The Specialist in Anti-Hacking" Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn JW wrote:I've got a theoretical question: when wiping a drive (I'm talking about Linux here), which of the following is more: fill the drive with data from /dev/zero or /dev/urandom? I ask because I often see people suggest something like the following for wiping disks: cat /dev/zero > /dev/hda (and of course do it multiple times) I got to thinking that (if you are really paranoid) it would probably be easier for "the bad guy" to recover original data if you use /dev/zero because it's so uniform, the "bad guy" can just look for anything other then zeros - if it's not zero, it's data. Which would imply that overwriting the data with /dev/urandom or /dev/random would be more secure. But I don't know enough about the internals of hard drives to know if it really matters or not. For clarity I'll point out that I'm not talking about wiping files in the filesystem, I'm talking about wiping whole disks - I guess you'd say "at the block level". What do the resident experts here think? JW
-- Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Current thread:
- Wiping a drive: /dev/zero or /dev/urandom better? JW (Oct 14)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adam Gibbins (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adriel Desautels (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Olatunji Nowlin (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Murda Mcloud (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 20)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Razi Shaban (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Ansgar Wiechers (Oct 16)