
List:       forensics
Subject:    Re: Top Ten List!?
From:       Valdis.Kletnieks () vt ! edu
Date:       2002-01-20 6:11:14

On Fri, 18 Jan 2002 10:10:46 PST, Richard Chadderton said:
> 
> On Fri, 18 Jan 2002 Valdis.Kletnieks@vt.edu wrote:
> 
> > >   dd if=/dev/urandom of=/dev/hdb
> > 
> > GAAAK!!!! No! No! No!
> > 
> > This will *NOT* do what you want it to do.  
> 
> Well, at the risk of descending into a flame war over a trivial point, yes
> it _does_ do what I want. I think you misunderstood the objective. The
> point was _not_ to create ideal random data for the disk, but simply to
> overwrite it with something. Anything. Your MP3 collection. Grandma's

Right.  *THAT* I agree with. The point I took objection to was the
implication that /dev/urandom was a good source for large pseudorandom
streams.  Sure, if it's a box you're about to surplus ANYHOW, the fact
that it degrades to a pseudorandom stream and hoses every user of /dev/random
probably doesn't matter.

What *does* matter is all the cargo-cult programmers out there who will
then *literally* use /dev/urandom in something without understanding the
implications of it in a production system.  "Hmm... I saw somebody use
it to zero out a 40G disk drive, it must be basically for free..".

(For bonus points - if you're using trinux or some other cd/zip based
linuxoid to wipe a system before discarding it, what rate will it converge
on if you accidentally use /dev/random in the above 'dd' command?  Hint -
you're probably almost never doing a long seek on the hard drive ;)

Personally, the systems we've been surplusing lately, I've been
recommending at least 4 passes - all zeros x'00000', all ones x'ffffffff',
alternating bits x'5555', and a pseudorandom pass.  Throw a pass of x'aaaa'
in after the 5555 if you're bored.

And remember - if you need more than a few bytes, use /dev/urandom to seed a
good user-space pseudorandom bitstream generator.

/Valdis

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
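The following is an added example, not code from the thread or from any of its participants. It carries out the passes Valdis's message describes in Python instead of `dd`: 0x00, 0xFF, 0x55 (and 0xAA if you want it), each read back and verified, then a pseudorandom pass whose data comes from a user-space generator seeded once from the kernel pool. SHAKE-256 run in counter mode stands in for the "good user-space pseudorandom bitstream generator" the message recommends and is an assumption, as are the 1 MiB write granularity and the scratch-file helper; the example runs against a throwaway regular file, and pointing it at a block device is a separate decision.

```python
"""Multi-pass overwrite in Python, added as an illustration of the passes
described in the message above (not code from the original thread): 0x00, 0xFF,
0x55, optionally 0xAA, then a pseudorandom pass whose data comes from a
user-space generator seeded once from the kernel pool."""
import hashlib
import os
import tempfile
from typing import Iterator, Sequence

DEFAULT_PATTERNS: Sequence[int] = (0x00, 0xFF, 0x55)  # zeros, ones, alternating bits
CHUNK = 1 << 20  # 1 MiB per write; constructed default, not from the thread


def keystream(seed: bytes, nbytes: int, chunk: int = CHUNK) -> Iterator[bytes]:
    """Yield exactly `nbytes` of pseudorandom data derived from `seed`.

    Assumption: SHAKE-256 over seed||counter stands in for the "good user-space
    pseudorandom bitstream generator" the message recommends; the kernel pool is
    read only once, for the 32-byte seed, not once per output byte."""
    counter, remaining = 0, nbytes
    while remaining > 0:
        n = min(chunk, remaining)
        yield hashlib.shake_256(seed + counter.to_bytes(8, "big")).digest(n)
        counter, remaining = counter + 1, remaining - n


def pattern_stream(byte: int, nbytes: int, chunk: int = CHUNK) -> Iterator[bytes]:
    """Yield `nbytes` of a fixed byte pattern (0x00, 0xFF, 0x55, 0xAA, ...)."""
    remaining = nbytes
    while remaining > 0:
        n = min(chunk, remaining)
        yield bytes([byte]) * n
        remaining -= n


def target_size(path: str) -> int:
    """Size in bytes; seeking to the end also works for a block device,
    where os.path.getsize() would report 0."""
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)


def overwrite(path: str, stream: Iterator[bytes]) -> int:
    """Write the stream from offset 0 and fsync; return bytes written."""
    written = 0
    with open(path, "r+b", buffering=0) as f:
        for block in stream:
            view = memoryview(block)
            while view:  # FileIO.write may accept fewer bytes than offered
                n = f.write(view)
                view = view[n:]
            written += len(block)
        os.fsync(f.fileno())
    return written


def verify_pattern(path: str, byte: int, chunk: int = CHUNK) -> bool:
    """Read the target back and confirm every byte equals `byte`."""
    remaining = target_size(path)
    with open(path, "rb") as f:
        while remaining > 0:
            n = min(chunk, remaining)
            if f.read(n) != bytes([byte]) * n:
                return False
            remaining -= n
    return True


def wipe(path: str, patterns: Sequence[int] = DEFAULT_PATTERNS,
         random_pass: bool = True) -> list:
    """Run each fixed-pattern pass (verifying each one), then the pseudorandom
    pass; return the labels of the passes that completed."""
    size = target_size(path)
    done = []
    for byte in patterns:
        overwrite(path, pattern_stream(byte, size))
        if not verify_pattern(path, byte):
            raise RuntimeError(f"verification failed after 0x{byte:02x} pass")
        done.append(f"0x{byte:02x}")
    if random_pass:
        seed = os.urandom(32)  # the only read from the kernel pool
        overwrite(path, keystream(seed, size))
        done.append("prng")
    return done


def make_scratch_file(size: int) -> str:
    """Create a throwaway regular file to exercise wipe() safely; constructed
    test input, not a real disk."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    with open(path, "wb") as f:
        f.write(b"sensitive " * (size // 10) + b"x" * (size % 10))
    return path


if __name__ == "__main__":
    scratch = make_scratch_file(3 * CHUNK + 17)
    print(wipe(scratch), target_size(scratch))
    os.unlink(scratch)
```

The read-back after each fixed pattern is what makes a pass worth counting: a write that silently failed or stopped short leaves the old contents in place. The pseudorandom pass is not verified the same way, since that would require keeping the seed around; the size check before and after is the sanity test for that one.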
