Security Basics mailing list archives

Re: Wiping a drive: /dev/zero or /dev/urandom better?


From: "Vega - Brunello Ivan" <I.Brunello () vegaspa it>
Date: Tue, 14 Oct 2008 20:26:36 +0200

Although I don't trust urandom too much, just for lack of (my) knowledge of its internals, I'd suggest using it instead of /dev/zero.

I usually use a somewhat convoluted method: create a TrueCrypt file as big as the partition (or, even better, TrueCrypt the whole partition).
For sure it writes random data, and this method works the same way in both Linux and Windows.
The only two concerns:
- AFAIK, it works on partitions, and not on whole disks.
- You have to use an external program (so you have to keep it around, etc.), while "cat" or "dd" are almost always available.


Ivan Brunello

 
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of JW
Sent: Tuesday, 14 October 2008 0:47
To: security-basics () securityfocus com
Subject: Wiping a drive: /dev/zero or /dev/urandom better?

I've got a theoretical question: when wiping a drive (I'm talking about Linux
here), which of the following is more: fill the drive with data
from /dev/zero or /dev/urandom?

I ask because I often see people suggest something like the following for
wiping disks:

cat /dev/zero > /dev/hda

(and of course do it multiple times)

I got to thinking that (if you are really paranoid) it would probably be
easier for "the bad guy" to recover original data if you use /dev/zero
because it's so uniform, the "bad guy" can just look for anything other than
zeros - if it's not zero, it's data.

Which would imply that overwriting the data with /dev/urandom or /dev/random
would be more secure.

But I don't know enough about the internals of hard drives to know if it
really matters or not.

For clarity I'll point out that I'm not talking about wiping files in the
filesystem, I'm talking about wiping whole disks - I guess you'd say "at the
block level".

What do the resident experts here think?

      JW

--

----------------------
System Administrator - Cedar Creek Software
http://www.cedarcreeksoftware.com
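
Added example, not part of the thread above: a sketch of how each kind of overwrite pass can be checked afterwards, run against a scratch image file instead of a real device. After a /dev/zero pass any nonzero byte is leftover data, so the pass can be verified by comparing against /dev/zero; after a /dev/urandom pass that count is meaningless and only a search for known old content tells you anything. The function names, the marker string and the image size are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: runs against a scratch image file only, never a real device.
MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed stand-in for old data
BS=4096

# make_image PATH BLOCKS: build a "used disk" image holding junk plus the marker.
make_image() {
    dd if=/dev/urandom of="$1" bs="$BS" count="$2" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=10000 conv=notrunc 2>/dev/null
}

# wipe SOURCE PATH BLOCKS: one overwrite pass from /dev/zero or /dev/urandom.
wipe() {
    dd if="$1" of="$2" bs="$BS" count="$3" conv=notrunc 2>/dev/null
}

# residual_bytes PATH BLOCKS: number of nonzero bytes left in the wiped range.
residual_bytes() {
    cmp -l -n "$(( $2 * BS ))" "$1" /dev/zero | wc -l | tr -d ' '
}

# marker_present PATH: succeeds if the known old content is still readable.
marker_present() {
    LC_ALL=C grep -a -q -- "$MARKER" "$1"
}

# demo: show what each check can and cannot tell you after each kind of pass.
demo() {
    img=$(mktemp) || return 1
    make_image "$img" 256
    echo "before wipe:  nonzero=$(residual_bytes "$img" 256)"
    wipe /dev/zero "$img" 256
    echo "after zero:   nonzero=$(residual_bytes "$img" 256)  (0 means verified)"
    wipe /dev/urandom "$img" 256
    # A random pass leaves nonzero bytes everywhere, so the count proves
    # nothing; only a search for known old content is meaningful.
    echo "after random: nonzero=$(residual_bytes "$img" 256)"
    marker_present "$img" && echo "marker still present" || echo "marker gone"
    rm -f "$img"
}
```

Call demo to see the three states side by side; pointing these functions at a real block device instead of the scratch image would need root and the device's size in 4096-byte blocks.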

