From owner-freebsd-security  Fri Nov 19  2:35:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id C6B4914F5A; Fri, 19 Nov 1999 02:35:30 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id LAA56775;
	Fri, 19 Nov 1999 11:35:19 +0100 (CET)
	(envelope-from des)
To: Barrett Richardson <barrett@phoenix.aye.net>
Cc: Wes Peters <wes@softweyr.com>,
	Kris Kennaway <kris@hub.freebsd.org>, TrouBle <trouble@netquick.net>,
	David G Andersen <danderse@cs.utah.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: secure filesystem wiping
References: <Pine.BSF.4.01.9911182331400.18537-100000@phoenix.aye.net>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 19 Nov 1999 11:35:17 +0100
In-Reply-To: Barrett Richardson's message of "Thu, 18 Nov 1999 23:37:34 -0500 (EST)"
Message-ID: <xzpbt8qydju.fsf@flood.ping.uio.no>
Lines: 15
User-Agent: Gnus/5.070097 (Pterodactyl Gnus v0.97) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Barrett Richardson <barrett@phoenix.aye.net> writes:
> Wes Peters wrote:
> > I've tested obliterate on some rather large files (250 MB) and it exhausts
> > the system entropy pool very quickly, even on a system with a busy network.
> > Does anyone make a hardware entropy device?  ;^)
> How about pseudo-random data? Aren't the passes with random data just
> a little extra icing?

Don't use random data. Use patterns. See the previous 'secure
deletion' thread for references to a paper describing which patterns
to use (and in which order).

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message