The risk is reading unused blocks using the drive's hardware. Those unused blocks may contain user data, operating system state, or a covert channel allowing data or state to be inferred. The response is to overwrite all of the disk with some value. The random number generator is a higher risk means to provide that value than writing a fixed value. Firstly, it is difficult to test that the operation has succeeded. Whereas the operation of writing a fixed value is simple to verify. Secondly, the operation of the random number generator itself is difficult to test. In general, non-cryptographers see random numbers as some sort of magic sauce whereas cryptographers see "random numbers" as a lever to crack open the machine state. Random numbers are invaluable for forcing attackers to search an entire state. But where they are not needed they should not be used, since if you don't provide a lever than an attacker can't push against it. Keeping a large sample on permanent storage of "random numbers" generated by that very machine is providing a very large lever to push against any flaw. -- Glen Turner <http://www.gdt.id.au/~gdt/> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
