On Thu, Sep 10, 2009 at 09:56:54AM -0700, Brian Lavender wrote: > On Wed, Sep 09, 2009 at 09:20:30PM -0700, Bill Broadley wrote: > > > > Short answer, one wipe is enough (At least for NIST, and one of the British > > Infosec standards), wipes miss bad sectors, the ATA secure erase command is > > worth checking out. > [snip] > I think caching is a concern on some systems, so more wipes seems to > magically make the write go to the actual media. But I would agree with > one wipe is probably enough. I had not thought about bad blocks. > > > > > So if you don't use secure wipe and won't lose sleep at night over a few bad > > blocks being potentially recovered I'd recommend something like: > > > > dd if=/dev/urandom of=/dev/sd<whichever disk> > > Your computer must have a lot of entropy! Note that that device gathers > entropy from the system. When an event happens, it may be worth one or > two bits. Last time I wrote a program that read from that device, it > seemed that I got a number of bytes, and then I had to wait as various > events occured to the system. That is why they often tell you to move the > mouse around when generating keys. It generates entropy for the system.
/dev/random, blocks waiting for entropy. /dev/urandom doesn't wait for entropy. It uses entropy if it's avalable, and switches to a PRNG if there isn't enough entropy. I think it's similar to what you suggest doing with AES. --Ken -- Chanoch (Ken) Bloom. PhD candidate. Linguistic Cognition Laboratory. Department of Computer Science. Illinois Institute of Technology. http://www.iit.edu/~kbloom1/ _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
