Page last updated:
2009 Sep 10 16:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Most efficient way to wipe hard drives

On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> Short answer, one wipe is enough (At least for NIST, and one of the British
> Infosec standards), wipes miss bad sectors, the ATA secure erase command is
> worth checking out.
I think caching is a concern on some systems, so more wipes seem to
magically make the write go to the actual media. But I would agree that
one wipe is probably enough. I had not thought about bad blocks.

> So if you don't use secure wipe and won't lose sleep at night over a few bad
> blocks being potentially recovered I'd recommend something like:
> dd if=/dev/urandom of=/dev/sd<whichever disk>

Your computer must have a lot of entropy! Note that that device gathers
entropy from the system. When an event happens, it may be worth one or
two bits. Last time I wrote a program that read from that device, it
seemed that I got a number of bytes, and then I had to wait as various
events occurred to the system. That is why they often tell you to move the
mouse around when generating keys. It generates entropy for the system.

You can feed that data from /dev/urandom into AES as the key, then
use Cipher Block Chaining so that it looks more random. Essentially,
you are using the /dev/urandom as the key to produce cipher text.
I believe dban does this. 

If you wipe with /dev/zero, then the adversary could be correct for
half the bits assuming that they are equally distributed!

Brian Lavender
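
The keyed-AES idea from the message above, as an added example that is not part of the original post and is not dban's code: it overwrites a constructed scratch file (standing in for a disk) with AES-256-CBC ciphertext of zeros keyed from /dev/urandom, then checks that a planted marker is gone. The function names and the `openssl enc` pipeline are assumptions of this example.

```shell
#!/bin/sh
# Added example. Runs against a scratch file, a constructed stand-in for a disk.

# Build a 1 MiB constructed "disk" of zeros with a recognisable marker inside.
make_scratch() {
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=1024 count=1024 2>/dev/null
    printf 'CONSTRUCTED-SECRET' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    echo "$img"
}

# Overwrite every byte of TARGET with AES-256-CBC ciphertext of zeros.
# Key and IV come from /dev/urandom and are never stored; only 48 bytes of
# kernel randomness are read no matter how large the target is.
wipe_pass() {
    target=$1
    # For a real block device the size would come from `blockdev --getsize64`.
    size=$(wc -c < "$target" | tr -d ' ')
    key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    iv=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    # CBC chains each ciphertext block into the next, so the constant
    # all-zero plaintext does not produce a repeating output block.
    openssl enc -aes-256-cbc -nopad -K "$key" -iv "$iv" < /dev/zero 2>/dev/null |
        head -c "$size" |
        dd of="$target" bs=65536 conv=notrunc 2>/dev/null
}

# Succeeds if PATTERN can still be found in TARGET.
still_contains() {
    grep -a -q -- "$2" "$1"
}

# Number of distinct 16-byte blocks that occur more than once in TARGET.
repeated_blocks() {
    od -An -v -tx1 "$1" | sort | uniq -d | wc -l | tr -d ' '
}

img=$(make_scratch)
wipe_pass "$img"
if still_contains "$img" 'CONSTRUCTED-SECRET'; then
    echo "marker survived"
else
    echo "marker gone"
fi
echo "repeated 16-byte blocks: $(repeated_blocks "$img")"
rm -f "$img"
```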