List: forensics
Subject: Re: Top Ten List!?
From: Valdis.Kletnieks () vt ! edu
Date: 2002-01-20 6:11:14
On Fri, 18 Jan 2002 10:10:46 PST, Richard Chadderton said:
>
> On Fri, 18 Jan 2002 Valdis.Kletnieks@vt.edu wrote:
>
> > > dd if=/dev/urandom of=/dev/hdb
> >
> > GAAAK!!!! No! No! No!
> >
> > This will *NOT* do what you want it to do.
>
> Well, at the risk of descending into a flame war over a trivial point, yes
> it _does_ do what I want. I think you misunderstood the objective. The
> point was _not_ to create ideal random data for the disk, but simply to
> overwrite it with something. Anything. Your MP3 collection. Grandma's
Right. *THAT* I agree with. The point I took objection to was the
implication that /dev/urandom was a good source for large pseudorandom
streams. Sure, if it's a box you're about to surplus ANYHOW, the fact
that it degrades to a pseudorandom stream and hoses every user of /dev/random
probably doesn't matter.
What *does* matter is all the cargo-cult programmers out there who will
then *literally* use /dev/urandom in something without understanding the
implications of it in a production system. "Hmm... I saw somebody use
it to zero out a 40G disk drive, it must be basically for free..".
(For bonus points - if you're using trinux or some other cd/zip based
linuxoid to wipe a system before discarding it, what rate will it converge
on if you accidentally use /dev/random in the above 'dd' command? Hint -
you're probably almost never doing a long seek on the hard drive ;)
Personally, the systems we've been surplusing lately, I've been
recommending at least 4 passes - all zeros x'00000', all ones x'ffffffff',
alternating bits x'5555', and a pseudorandom pass. Throw a pass of x'aaaa'
in after the 5555 if you're bored.
And remember - if you need more than a few bytes, use /dev/urandom to seed a
good user-space pseudorandom bitstream generator.
/Valdis
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
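The multi-pass procedure described in the post (all zeros, all ones, 0x55, 0xaa, then a pseudorandom pass whose generator is seeded once from the kernel rather than streamed from /dev/urandom) scripted as an added example; this is not code from the thread or from any tool it mentions. The names `sanitize`, `prng_stream`, `demo` and `CHUNK` are this example's own, the demo target is a constructed temporary file standing in for a disk, and `random.Random` is used as the user-space generator purely because the wipe only needs a fast, reproducible stream for read-back verification.

```python
"""Multi-pass overwrite with per-pass read-back verification (added example)."""
import os
import random
import tempfile

CHUNK = 1 << 20                               # read/write granularity in bytes
FIXED_PATTERNS = (0x00, 0xFF, 0x55, 0xAA)     # zeros, ones, 0101..., 1010...


def _stream_len(path):
    """Length in bytes of a regular file or block device, found by seeking to the end."""
    with open(path, "rb") as f:
        f.seek(0, os.SEEK_END)
        return f.tell()


def _overwrite(path, size, chunk_fn):
    """Overwrite the first `size` bytes of `path` with chunk_fn(n) output, then fsync."""
    with open(path, "r+b") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            f.write(chunk_fn(n))
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def _matches(path, size, chunk_fn):
    """Read the target back and compare it with what chunk_fn says should be there."""
    with open(path, "rb") as f:
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            if f.read(n) != chunk_fn(n):
                return False
            remaining -= n
    return True


def prng_stream(seed):
    """Chunk generator backed by a user-space PRNG seeded once; same seed, same stream."""
    rng = random.Random(seed)
    return lambda n: rng.randbytes(n)


def sanitize(path, seed=None):
    """Four fixed-pattern passes plus one pseudorandom pass; returns (name, verified) per pass."""
    size = _stream_len(path)
    if seed is None:
        # Only a few bytes of kernel randomness are drawn: enough to seed, never to stream.
        seed = int.from_bytes(os.urandom(32), "big")
    results = []
    for byte in FIXED_PATTERNS:
        fill = lambda n, b=byte: bytes([b]) * n
        _overwrite(path, size, fill)
        results.append((f"0x{byte:02x}", _matches(path, size, fill)))
    _overwrite(path, size, prng_stream(seed))
    # Verification regenerates the identical stream from the same seed.
    results.append(("prng", _matches(path, size, prng_stream(seed))))
    return results


def demo(size=3 * CHUNK + 123):
    """Constructed target: a temp file filled with sample data; returns the pass results."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write((b"sample data " * (size // 12 + 1))[:size])
        path = tmp.name
    try:
        return sanitize(path, seed=12345)   # fixed seed so the run is reproducible
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, ok in demo():
        print(f"pass {name}: {'verified' if ok else 'MISMATCH'}")
```

`sanitize()` works on any path whose length can be found by seeking, so the same function applies to a block device on the machine being surplused; the read-back after every pass is what turns "I ran dd" into evidence that the pattern actually landed.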