[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes
Kurt Roeckx
kurt at roeckx.be
Wed Jan 13 06:39:48 UTC 2016
On Wed, Jan 13, 2016 at 11:00:09AM +1000, Paul Dale wrote:
> On Wed, 13 Jan 2016 12:32:39 AM Viktor Dukhovni wrote:
> > In most cases, just overwriting a disk with zeros is as good as
> > with any other pattern.
>
> Peter Gutmann published a paper showing that it is possible to read zeroed bits with the right equipment: https://www.usenix.org/legacy/publications/library/proceedings/sec96/full_papers/gutmann/index.html
>
> I remember a report not long after the original paper was published where the writer zeroed a drive and went to several data recovery companies who couldn't retrieve anything (sorry, can't find the reference).
>
> Also note that this technique doesn't work on newer drives: http://seclists.org/bugtraq/2005/Jul/464
>
>
> If you are protecting against governments or extremely well equipped organisations, a zeroed disc might be recoverable with a large investment of time and effort. If you are in this case and what you are protecting is worth that much, use one of the approved secure disc erasure methods -- several times.
There are various ways to do that, including:

http://www.dban.org/
https://wiki.archlinux.org/index.php/Securely_wipe_disk
http://www.killdisk.com/

Kurt