Re: Wiping a drive: /dev/zero or /dev/urandom better?

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2008-10-15 Razi Shaban wrote:
> On Wed, Oct 15, 2008 at 6:21 AM, Craig Wright wrote:
> > The simple answer is that it does not matter. A single wipe (done
> > correctly) will make it infeasible for ANYONE (even governments) to
> > recover information.
> >
> > If you go to the page:
> > http://seclab.cs.sunysb.edu/iciss08/program.html
> >
> > There is a paper being presented:
> > "Overwriting Hard Drive Data: The Great Wiping Controversy"
> > Craig Wright, Dave Kleiman and Shyaam Sundhar R.S..
> >
> > The paper details this issue. A few people have seen it already. It
> > will be available (published) in Dec in the Springer Verglag LNCS
> > series. We hope that this paper will finally put some of the silly
> > myths to rest.
>
> Don't mislead. Allow me to explain in more depth. A bit on a hard
> drive is, in theory, either a 0 or a 1. If this is true, then one wipe
> will be more than enough. However, in reality 0 or 1 in charge are
> rarely achieved. For example, a bit may be charged to 0.34 or 0.8.
> Changing the bit from 0 to 1 will in fact most probably either add or
> subtract 0.7 (roughly that for the drives I've worked with on this),
> which is more than enough for the head to read it as either a 1 or 0.
> However, an established change rate (the ~0.7) can be established for
> the drive in question, researchers may be able to recover at least one
> history back, sometimes even two or three generations back.

Again, I'd like to see a credible report of at least one successful
recovery of data from a wiped disk (the disk being built in this
century).

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq