Re: CentOS 6.9, shredding a RAID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 5/31/2017 10:13 AM, m.roth@xxxxxxxxx wrote:
If I had realized it would run this long, I would have used DBAN.... For
single drives, I do, and choose DoD 5220.22-M (seven passes), which is
*way*  overkill these days... but I sign my name to a certificate that gets
stuck on the outside of the server, meaning I, personally, am responsible
for the sanitization of the drive(s).


the DoD multipass erase procedure is long obsolete and deprecated. It was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET INFORMATION PHYSICALLY".

http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://www.dss.mil/documents/odaa/nispom2006-5220.pdf

from that blog,...

Fortunately, several security researchers presented a paper [WRIG08 <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth International Conference on Information Systems Security (ICISS 2008) that declares the “great wiping controversy” about how many passes of overwriting with various data values to be settled: their research demonstrates that a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed.

The researchers found that the probability of recovering a single bit from a previously used HDD was only slightly better than a coin toss, and that the probability of recovering more bits decreases exponentially so that it quickly becomes close to zero.

Therefore, a single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable.


so a single pass of zeros is plenty adequate for casual use, and physical device destruction is the only approved method for anything actually top secret.


--
john r pierce, recycling bits in santa cruz

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux