On Apr 1, 2012, at 4:41 AM, Glen Turner wrote:
> Keeping a large sample on permanent storage of "random numbers" generated by
> that very machine is providing a very large lever to push against any flaw.
So you're suggesting it's better to /dev/zero the disk than /dev/urandom the disk?
What about ATA Secure Erase, or Enhanced Secure Erase? None of this comes up in best practices, although it is certainly the only possible way (not guaranteed, but dd is certain to fail) to remove user data from presently unassigned LBA on either HDD or SSD.
Best as I can tell, ATA Secure Erase writes zeros. Enhanced Secure Erase writes a "pattern" defined by the disk manufacturer. In either case, while the encrypted data start/end is likely locatable, unlike if good random data were written first, it should at least remove user data in both reserved (or removed) blocks and LBA assigned blocks.
Chris Murphy
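A pre-flight check for the ATA Secure Erase path discussed above, added here as an example and not part of the thread: it parses the Security section of `hdparm -I` output to tell whether a drive offers the basic or the enhanced erase and whether it is frozen, without issuing any erase command. The hdparm output below is constructed, not captured from a real drive.

```shell
#!/bin/sh
# Pre-flight check before an ATA Secure Erase: read the "Security:" section of
# `hdparm -I` output and report what the drive advertises. Nothing here erases
# anything. Real use: hdparm -I /dev/sdX | erase_capability

# Constructed sample of hdparm -I's Security section (not from a real drive);
# hdparm indents with tabs, the patterns below accept any whitespace.
SAMPLE_ENHANCED='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

# Constructed sample of a drive offering only the basic erase that is frozen
# (firmware issued SECURITY FREEZE LOCK at boot, so erase would be rejected).
SAMPLE_FROZEN='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
                frozen
        not     expired: security count
        4min for SECURITY ERASE UNIT.
Checksum: correct'

# Keep only the Security section of the hdparm -I text on stdin.
security_section() {
    sed -n '/^Security:/,/^[A-Za-z]/p'
}

# Print "enhanced", "basic" or "none" for the hdparm -I text on stdin.
erase_capability() {
    sec=$(security_section)
    if printf '%s\n' "$sec" | grep -q 'supported: enhanced erase'; then
        echo enhanced
    elif printf '%s\n' "$sec" | grep -qE '^[[:space:]]+supported[[:space:]]*$'; then
        echo basic
    else
        echo none
    fi
}

# Exit 0 if the drive reports "frozen" (a power cycle or suspend/resume
# normally clears the freeze lock before erase is attempted), 1 otherwise.
drive_frozen() {
    security_section | grep -qE '^[[:space:]]+frozen[[:space:]]*$'
}

printf 'sample 1: %s\n' "$(printf '%s\n' "$SAMPLE_ENHANCED" | erase_capability)"
```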