[vox-tech] Most efficient way to wipe hard drives
Brian Lavender
brian at brie.com
Thu Sep 10 09:56:54 PDT 2009
On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
>
> Short answer, one wipe is enough (At least for NIST, and one of the British
> Infosec standards), wipes miss bad sectors, the ATA secure erase command is
> worth checking out.
[snip]
I think caching is a concern on some systems, so more wipes seems to
magically make the write go to the actual media. But I would agree with
one wipe is probably enough. I had not thought about bad blocks.
>
> So if you don't use secure wipe and won't lose sleep at night over a few bad
> blocks being potentially recovered I'd recommend something like:
>
> dd if=/dev/urandom of=/dev/sd<whichever disk>
Your computer must have a lot of entropy! Note that that device gathers
entropy from the system. When an event happens, it may be worth one or
two bits. Last time I wrote a program that read from that device, it
seemed that I got a number of bytes, and then I had to wait as various
events occured to the system. That is why they often tell you to move the
mouse around when generating keys. It generates entropy for the system.
You can feed that data from /dev/urandom into AES as the key, then
use Cipher Block Chaining so that it looks more random. Essentially,
you are using the /dev/urandom as the key to produce cipher text.
I believe dban does this.
If you wipe with /dev/zero, then the adversary could be correct for
half the bits assuming that they are equaly distributed!
brian
--
Brian Lavender
http://www.brie.com/brian/
More information about the vox-tech
mailing list