How secure is dd if=/dev/urandom of=/dev/sda

3

1

I was curious how secure this command was since it randomly writes 0's and 1's to the disk. How much information can be pulled when you overwrite it with 0's and 1's? My understanding was that if you write over a file, you cannot recover the original file, but if you delete a file and don't write over it, the content remains while the pointer itself doesn't. So, you can rebuild the files if you know the file system used.

Is that an accurate statement?

Walter

Walter White

Posted 2010-03-10T21:08:32.897

Reputation:

Answers

4

One pass is probably enough to deter casual analysis. Beyond 3 passes (DoD Short) your attackers will probably need an electron microscope--3 passes (0,1,random) will be enough to guarantee that all bits have flipped at least once.

If you want to wipe an entire disk or partition, I recommend DBAN instead of doing it yourself. DBAN has a lot more options.

Broam

Posted 2010-03-10T21:08:32.897

Reputation: 3 831

8

You'd probably be better off just zeroing the hard drive with /dev/zero. /dev/urandom generates pseudo-random data, so it will be slower than /dev/zero which just spits out zeros. As Broam mentioned, one pass is sufficient.

There used to be The Great Zero Challenge. I believe it was $40 and the drive itself that was offered to any professional data recovery company that could recover just the name of one of the 2 files or the 1 folder that was written to the drive. No companies accepted the challenge. I'd say you're pretty safe with 1 pass.

More on the challenge here.

John T

Posted 2010-03-10T21:08:32.897

Reputation: 149 037

1 Have you seen what data recovery companies charge? $1000 is nowhere near sufficient incentive for them to do anything special. – David Thornley – 2010-03-10T21:34:20.600

Actually, it was $40 and the drive. But still, if you want to prove someone wrong it doesn't mean you have to charge them. They'd get publicity and potentially a lot more business. Also, read the quote from one of the companies he contacted on the last link. – John T – 2010-03-10T21:40:33.177
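The single zero pass discussed in this thread, followed by a read-back check, as an added example that is not from any of the posters. It runs only against a scratch image file with a constructed marker planted in it; the function names (`make_scratch_image`, `marker_present`, `wipe_zero`, `verify_zero`) are hypothetical.

```shell
#!/bin/sh
# Added example: one zero pass plus read-back verification, run against a
# scratch image file (constructed test data), never a real disk.

# Size in bytes of a regular file. A block device would need
# `blockdev --getsize64` instead; that case is outside this example.
size_of() { wc -c < "$1" | tr -d ' '; }

# Build a 1 MiB image of random bytes with a constructed marker planted at
# offset 4096, standing in for file content left on an unwiped disk.
make_scratch_image() {
    img_new=$(mktemp) || return 1
    head -c 1048576 /dev/urandom > "$img_new"
    printf 'CONSTRUCTED-SECRET-MARKER' |
        dd of="$img_new" bs=1 seek=4096 conv=notrunc 2>/dev/null
    printf '%s\n' "$img_new"
}

# True if the marker can still be found by scanning the raw bytes.
marker_present() { grep -qaF 'CONSTRUCTED-SECRET-MARKER' "$1"; }

# Overwrite every byte in place with zeros. conv=notrunc keeps the length,
# conv=fsync makes dd flush to the backing store before it exits.
wipe_zero() {
    head -c "$(size_of "$1")" /dev/zero |
        dd of="$1" bs=4096 conv=notrunc,fsync 2>/dev/null
}

# Return 0 only if every byte reads back as zero.
verify_zero() { head -c "$(size_of "$1")" /dev/zero | cmp -s - "$1"; }

demo() {
    img=$(make_scratch_image) || return 1
    marker_present "$img" && echo "before wipe: marker found in raw image"
    wipe_zero "$img" || { rm -f "$img"; return 1; }
    if verify_zero "$img" && ! marker_present "$img"; then
        echo "after wipe: all $(size_of "$img") bytes read back as zero"
    else
        echo "wipe incomplete: non-zero data remains" >&2
    fi
    rm -f "$img"
}
demo
```

A read-back check like this only covers the bytes the target still exposes to the operating system.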

1

For any security issue, you need to figure out what the risk is.

Renaming the file and moving it to an inappropriate directory will stop casual examination by somebody who isn't computer-savvy.

Deleting the file will stop anybody from looking at it without easily available special tools, and will make it time-consuming for them to find it.

Overwriting the file will probably leave nothing findable through the operating system, but that won't guarantee it. If you've processed the file, there might be a partial or complete copy in swap space or equivalent on the drive, and I'm not quite sure what to do about that. Still, failing that, it's probably secure against a reasonable forensic search.

Disk drives no longer present a raw view to the computer using them, though, and it's always possible that the disk wrote part or all of the file on a chunk that it later decided was bad. In that case, removing the disk controller and substituting something more primitive might find a piece of the file. This is getting into very pricey data recovery.

Finally, it's always possible that somebody will be able to read overwritten disk sectors, with some amount of reliability, at some point in the future.

If you're just protecting the mainstream porn from the occasional visiting girlfriend, hiding it in the file system will probably work just fine. If you're terrified that the NSA might possibly be able to read it within the next twenty years, destroy the disk (some of the more paranoid types on Slashdot report fun results with thermite). For most purposes, overwriting the file a couple of times (including at least one 0 and one 1) will do very nicely.

David Thornley

Posted 2010-03-10T21:08:32.897

Reputation: 701