On Fri, Mar 29, 2002 at 02:06:44PM -0800, John S. Lyons wrote: > I've done dd if=/dev/zero of=/dev/hda in the past. What is the > advantage of using /dev/ramdom?
There are ways to recover over-written data if you have physical access to the drive. Some involve removing the platters and checking them out with other equipment. You should have some well-financed enemies to be worried about this kind of stuff. However, it's good to be a little bit paranoid. Someone in the list recently quoted over-run with 5 passes is still recoverable, and I heard a while ago a slightly larger number, but I don't remember exactly. Over-writing with zeroes over and over won't really eliminate those traces, or if it does, not nearly as well as random data. The random data will make it harder to figure out where you're hitting real data that was present before the wipe. If you have physical security of a level you are satisfied with, you shouldn't need to do this, but since we are talking about machines being thrown out (or at least, I think that's how the thread started), when you lose physical control of the drive, its good to think of these things. If you over-write with zeroes, there should be no way to get the information back with just software. and as I said in another post, /dev/random will run out quickly, so you probably want /dev/urandom. On a related note: Does anyone know of any disk-wiping utilties for linux that will wipe free space? bcwipe does file slack space, but the only way I currently know to wipe free space involves dd'ing files in until you fully fill the drive (which has to be done as root to fill over 100%), and therefore means should be done in maintenance mode, since most services become unhappy when they can't create any files. I'd like something I can run on a server while keeping it up. and specifically wrt bcwipe, I know on-board cache on a HD is going to make wiping small files useless, but I'm curious if bcwipe does a sync call after every pass, since that would make it slower, but more effective on a system buffer level. Rob
msg05505/pgp00000.pgp
Description: PGP signature
