[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

Paul Dale paul.dale at oracle.com
Wed Jan 13 01:00:09 UTC 2016


On Wed, 13 Jan 2016 12:32:39 AM Viktor Dukhovni wrote:
> In most cases, just overwriting a disk with zeros is as good as
> with any other pattern.

Peter Gutmann published a paper showing that it is possible to read zeroed bits with the right equipment: https://www.usenix.org/legacy/publications/library/proceedings/sec96/full_papers/gutmann/index.html

I remember a report not long after the original paper was published where the writer zeroed a drive and went to several data recovery companies who couldn't retrieve anything (sorry, can't find the reference).

Also note that this technique doesn't work on newer drives: http://seclists.org/bugtraq/2005/Jul/464


If you are protecting against governments or extremely well equipped organisations, a zeroed disc might be recoverable with a large investment of time and effort. If you are in this case and what you are protecting is worth that much, use one of the approved secure disc erasure methods -- several times.


- Pauli

-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia
