Security Basics mailing list archives

RE: Wiping a drive: /dev/zero or /dev/urandom better?


From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Wed, 15 Oct 2008 10:40:22 +0100

JW,

We do a dd of /dev/random to the /dev/hda and then do a dd of /dev/nul
to the same.

While you can drop the random one (for speed and to be honest it is not
really required), we always do a dev/nul wipe as when you cat the
/dev/hda the line will return within the screen as there is nothing
there.  This way you get a quick understandable confirmation that the
process completed correctly and was not interrupted mid flow.

If we are doing a Gov system drive we use the likes of Blancco that is
approved to wipe drives.

Steve A
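Steve's random-then-zero procedure and his "nothing left on the device" check, as an added example (not Steve's or the list's own script): it runs against a constructed 1 MiB image file instead of /dev/hda so it is safe to try without root, and assumes a POSIX sh with `head -c` (GNU or BusyBox coreutils).

```sh
#!/bin/sh
# Added example: random pass, zero pass, then verify the target is all zeros.
# IMAGE stands in for the block device; every byte is overwritten in place.

# Constructed sample "disk": 1 MiB of random bytes plus a recognisable record.
make_sample_image() {
  img=$1
  dd if=/dev/urandom of="$img" bs=4096 count=256 2>/dev/null
  printf 'SECRET CUSTOMER RECORD' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# Overwrite exactly the target's length: one random pass, then one zero pass.
# head -c bounds each pass so a regular file is not extended; on a real device
# the kernel enforces the bound. conv=notrunc keeps the target size unchanged.
wipe_image() {
  img=$1
  size=$(wc -c < "$img")
  head -c "$size" /dev/urandom | dd of="$img" bs=4096 conv=notrunc 2>/dev/null
  head -c "$size" /dev/zero    | dd of="$img" bs=4096 conv=notrunc 2>/dev/null
}

# Verification of the zero pass: delete every NUL byte and count what is left.
# Zero bytes remaining means the whole target reads back as zeros, which is the
# machine-checkable form of "cat the device and nothing comes back".
verify_zeroed() {
  img=$1
  leftover=$(tr -d '\0' < "$img" | head -c 1 | wc -c)
  if [ "$leftover" -eq 0 ]; then
    echo "OK: $img reads back as all zeros ($(wc -c < "$img") bytes)"
    return 0
  fi
  echo "FAIL: $img still contains non-zero data; wipe incomplete or interrupted"
  return 1
}

# Demonstration on the constructed image.
if [ "${1:-}" = "demo" ]; then
  demo_img=$(mktemp)
  make_sample_image "$demo_img"
  verify_zeroed "$demo_img" || echo "(expected before wiping)"
  wipe_image "$demo_img"
  verify_zeroed "$demo_img"
  rm -f "$demo_img"
fi
```

Run as `sh wipe_check.sh demo`; for a real device substitute its path for the image and expect the random pass to be the slow one.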

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of JW
Sent: Monday, October 13, 2008 11:47 PM
To: security-basics () securityfocus com
Subject: Wiping a drive: /dev/zero or /dev/urandom better?

I've got a theoretical question: when wiping a drive (I'm talking about
Linux here), which of the following is more: fill the drive with data
from /dev/zero or /dev/urandom?

I ask because I often see people suggest something like the following
for wiping disks:

cat /dev/zero > /dev/hda

(and of course do it multiple times)

I got to thinking that (if you are really paranoid) it would probably be
easier for "the bad guy" to recover original data if you use /dev/zero
because it's so uniform, the "bad guy" can just look for anything other
than zeros - if it's not zero, it's data.

Which would imply that overwriting the data with /dev/urandom or
/dev/random would be more secure.

But I don't know enough about the internals of hard drives to know if it
really matters or not.

For clarity I'll point out that I'm not talking about wiping files in
the filesystem, I'm talking about wiping whole disks - I guess you'd say
"at the block level".

What do the resident experts here think? 

        JW

-- 

----------------------
System Administrator - Cedar Creek Software
http://www.cedarcreeksoftware.com


