[vox-tech] Most efficient way to wipe hard drives

Tim Riley timriley at appahost.com
Tue Sep 15 10:13:27 PDT 2009


On Tue, 2009-09-15 at 09:44 -0700, Lemseffer. Tahar (MSA) wrote:
> Good morning All,
> Is anyone familiar with C Unix

Yes. I'm sure you'll find a lot of company at LUGOD. However, this
topic is better discussed on the mailing list vox. Vox-tech is used
for specific technical questions. Also, this change of subject would
warrant a new thread.

> Thanks
> T
> 
> -----Original Message-----
> From: vox-tech-bounces at lists.lugod.org
> [mailto:vox-tech-bounces at lists.lugod.org] On Behalf Of Chanoch (Ken)
> Bloom
> Sent: Thursday, September 10, 2009 10:38 AM
> To: lugod's technical discussion forum
> Subject: Re: [vox-tech] Most efficient way to wipe hard drives
> 
> On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote:
> > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote:
> > > 
> > > Short answer, one wipe is enough (At least for NIST, and one of the British
> > > Infosec standards), wipes miss bad sectors, the ATA secure erase command is
> > > worth checking out.
> > [snip]
> > I think caching is a concern on some systems, so more wipes seems to
> > magically make the write go to the actual media. But I would agree with
> > one wipe is probably enough. I had not thought about bad blocks.
> > 
> > > 
> > > So if you don't use secure wipe and won't lose sleep at night over a few bad
> > > blocks being potentially recovered I'd recommend something like:
> > > 
> > > dd if=/dev/urandom of=/dev/sd<whichever disk>
> > 
> > Your computer must have a lot of entropy! Note that that device gathers
> > entropy from the system. When an event happens, it may be worth one or
> > two bits. Last time I wrote a program that read from that device, it
> > seemed that I got a number of bytes, and then I had to wait as various
> > events occurred to the system. That is why they often tell you to move the
> > mouse around when generating keys. It generates entropy for the system.
> 
> /dev/random blocks waiting for entropy.
> /dev/urandom doesn't wait for entropy. It uses entropy if it's
> available, and switches to a PRNG if there isn't enough entropy. I
> think it's similar to what you suggest doing with AES.
> 
> --Ken
> 
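
The single-pass /dev/urandom overwrite quoted above, with the caching concern handled by an explicit flush and a read-back check, as an added example that is not from any poster in this thread. The helper names `wipe_once` and `has_marker`, the scratch image and the marker string are assumptions constructed for illustration; it relies on GNU dd's `conv=fsync`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). wipe_once and has_marker are
# hypothetical helper names; the scratch image and marker are constructed.

# Overwrite every byte of $1 (regular file or block device) once with
# /dev/urandom output, then fsync so the data leaves the page cache.
# As noted in the thread, sectors the drive has remapped as bad are not
# reachable this way.
wipe_once() {
    target=$1
    if [ -b "$target" ]; then
        size=$(blockdev --getsize64 "$target") || return 1
    else
        size=$(( $(wc -c < "$target") ))
    fi
    # Bound the write to the target's size; notrunc keeps a file's length,
    # conv=fsync makes dd flush to the device before it exits.
    head -c "$size" /dev/urandom |
        dd of="$target" bs=65536 conv=notrunc,fsync 2>/dev/null
}

# Succeeds if the byte string $2 can still be read back from $1.
has_marker() {
    grep -a -q -F -- "$2" "$1"
}

# Demo on a constructed scratch image standing in for /dev/sd<whichever disk>.
demo() {
    img=$(mktemp) || return 1
    marker="CONSTRUCTED-MARKER-0001"
    { head -c 100000 /dev/zero; printf '%s' "$marker"; head -c 100000 /dev/zero; } > "$img"
    has_marker "$img" "$marker" && echo "before wipe: marker readable"
    wipe_once "$img"
    has_marker "$img" "$marker" || echo "after wipe: marker gone"
    rm -f "$img"
}
demo
```

The flush only reaches as far as the kernel can push it; the drive's own write cache and remapped sectors are outside what dd can see.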

