Writing over a drive using /dev/zero

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 30 16:42:36 UTC 2010


> You're quite right that /dev/urandom (or similar - anything that's
> generating random-ish values) should be pretty good at securely wiping
> things.
>
> It's rather less obvious that it's possible to realistically get "most
> of the data."
>
> Perhaps the NSA has a machine that can en-masse do the kind of
> differential analysis needed to draw data off an apparently-erased
> disk.  They'd need a special machine that's not available to the
> commercial disk recovery industry.
>
> Yes, an examination under special instruments could get bits off, even
> after attempted erasure; the trouble is that modern drives have
> several complications:
> a) Error correcting encodings lead to there being massively different
> mappings between where the data physically is and what's being
> reported to filesystems and applications, and the mappings mayn't be
> evident.
> b) Known methods aren't notably fast, and require multiple reads in
> order to get the variations in magnetic charges needed to get around
> the erasure.  It's liable to take weeks to get data off last
> generation disks, and worse for terabyte disks.
> c) Machinery for this will be super-expensive, because, much like the
> way tape drives are expensive, anything that's not being widely
> commercially used, but which, rather, is custom, is high-priced.  This
> won't help encourage high performance...
>
> It's *conceivable* that there could be some super-secret NSA machine
> to do the job, but there would be *massive* commercial value in making
> this available to the commercial data recovery industry, quite likely
> more than it's worth to keep the technology secret.
> --
> http://linuxfinances.info/info/linuxdistributions.html

Well said Christopher.

This is something I am very doubtful about.  In fact, I am reasonably,
as in 80%, sure it is impossible to extract data from a drive that has
been overwritten with zeros using dd.  You do not have to fill it;
let's say overwrite 60% of the drive.

I once got curious and decided to do my utmost and look for any
information on how it's done.  I googled forever, went to the library
and scanned through any possible book I could see about data recovery.
As far as I can tell, nobody has ever written anything informative
about this.  Sure, it could be top secret, but if it was possible,
someone in the civilian world would have come up with something close,
just as it happened with public cryptography.

Actually now that I have mentioned cryptography, I have just realized
this is also an information theory problem.  If it is eventually
proved to be practical for one to reconstruct data from a drive filled
with zeros, that will be the day Shannon theory will also die.

I have also tried to find where this story originated in the past, and
I could not find its origin.  I suspect, though, it could be from a hard
disk manufacturer.  They have benefited a lot from this unproven
theory.  That is my opinion, however.

William
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




