On Apr 1, 2012, at 4:41 AM, Glen Turner wrote:

> Keeping a large sample on permanent storage of
> "random numbers" generated by that very machine is providing a very
> large lever to push against any flaw.

So you're suggesting it's better to /dev/zero the disk than /dev/urandom the disk?

What about ATA Secure Erase, or Enhanced Secure Erase? None of this comes up in best practices, although it is certainly the only possible way (not guaranteed, but dd is certain to fail) to remove user data from presently unassigned LBA on either HDD or SSD.

Best as I can tell, ATA Secure Erase writes zeros. Enhanced Secure Erase writes a "pattern" defined by the disk manufacturer. In either case, while the encrypted data start/end is likely locatable, unlike if good random data were written first, it should at least remove user data in both reserved (or removed) blocks and LBA assigned blocks.

Chris Murphy