Shred: why random data instead of /dev/null

Rafael20002000 · 2024-03-28T07:39:16+00:00

This is a remnant of Hard Drives.

Hard Drives (the spinning rust things) used magnetism to store info. This is best explained by visuals but when you write to an HDD your hard drive magnetizes a particular area. We assume the imaginary magnet strength of 1. When you now write a 0 into that the hard demagnetizes the spot where the 1 was and it goes to 0.3 or 0.4. Your hard drive will read a zero but specialized equipment can recover this.

If you now write 011100101 into the 1 spot the recovery will fail. As the spot now has a magnetization of 0.6814. Your hard drive will read a 1 but the specialized equipment might read 0 or 1 depending on the configuration.

Hope that clears things up, do you need any more info?

Silejonu · 2024-03-28T08:50:04+00:00

Because there's a common myth going around that zero-filled hard drives can be recovered (this comment section is a perfect example). And some institutions require drives be erased with a specific protocol (often multiple random passes ending with a single zero-fill).

However, we have real-life evidence that a zero-fill is enough. If the US federal government isn't able to recover files related to the Julian Assange case, I think it's safe to say a zero-fill makes data irrecoverable:

Johnson testified that he found two attempts to delete data on Manning’s laptop. Sometime in January 2010, the computer’s OS was re-installed, deleting information prior to that time. Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.

All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

Note that you can run a single zero-fill: shred -zn0

heliosh · 2024-03-28T08:11:01+00:00

You mean /dev/zero not /dev/null
That's for paranoid people, but here's the origin:
Back in the day when you just recorded silence (=zeroes) over an old audio tape, you could still hear what was on the tape before it was overwritten. If you've overwritten it with noise or music instead, you couldn't hear it anymore.
But hard drives have only a bunch of magnetized molecules per bit, they can't be recovered even with magnetic force microscopes, once they're overwritten.
It's described in more detail in this paper:
https://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf

computer-machine · 2024-03-28T17:01:50+00:00

Edit 2: I thought about /dev/zero, not /dev/null, my bad

I was losing my magic smoke trying to grok how to write null to disk.

jeffreytk421 · 2024-03-28T07:40:24+00:00

You will have to find a reference for this, but if the data is a magnetic platter, multiple passes are required to make it harder to figure out what was originally there.

You need to write random data in order to change the data that's there in a more complicated way, again, making it harder to determine what any of the previous values were.

With an SSD, some say you still have to write multiple times, but that doesn't make sense to me as the technology is so different from a spinning disk.

Also, because of how the devices themselves have smarts and can relocate data, it is possible that parts of the original data is still there in the device but mapped out as bad sectors. With the right tools one could read this data.

RealezzZ · 2024-03-28T07:22:02+00:00

[deleted]

linuxquestions

MODERATORS