Security Basics mailing list archives
Re: Wiping a drive: /dev/zero or /dev/urandom better?
From: "Razi Shaban" <razishaban () gmail com>
Date: Wed, 15 Oct 2008 20:53:13 +0400
On Wed, Oct 15, 2008 at 6:21 AM, Craig Wright <craig.steven.wright () gmail com> wrote:
The simple answer is that it does not matter. A single wipe (done correctly) will make it infeasible for ANYONE (even governments) to recover information. If you go to the page: http://seclab.cs.sunysb.edu/iciss08/program.html There is a paper being presented: "Overwriting Hard Drive Data: The Great Wiping Controversy" Craig Wright, Dave Kleiman and Shyaam Sundhar R.S.. The paper details this issue. A few people have seen it already. It will be available (published) in Dec in the Springer Verglag LNCS series. We hope that this paper will finally put some of the silly myths to rest. Regards, Craig Wright GSE-Malware, GSE-Compliance
Don't mislead. Allow me to explain in more depth. A bit on a hard drive is, in theory, either a 0 or a 1. If this is true, then one wipe will be more than enough. However, in reality 0 or 1 in charge are rarely achieved. For example, a bit may be charged to 0.34 or 0.8. Changing the bit from 0 to 1 will in fact most probably either add or subtract 0.7 (roughly that for the drives I've worked with on this), which is more than enough for the head to read it as either a 1 or 0. However, an established change rate (the ~0.7) can be established for the drive in question, researchers may be able to recover at least one history back, sometimes even two or three generations back. For this reason, several runs are necessary. -- Razi Shaban
Current thread:
- Wiping a drive: /dev/zero or /dev/urandom better? JW (Oct 14)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adam Gibbins (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Adriel Desautels (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Olatunji Nowlin (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Murda Mcloud (Oct 16)
- RE: 51% can be enough Was: Wiping a drive Alexander Klimov (Oct 20)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Craig Wright (Oct 15)
- RE: Wiping a drive: /dev/zero or /dev/urandom better? Weir, Jason (Oct 14)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Razi Shaban (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Ansgar Wiechers (Oct 16)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Roman Fulop (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Eric Kollmann (Oct 15)
- Re: Wiping a drive: /dev/zero or /dev/urandom better? Yinka Adeosun (Oct 16)