On 5/31/2017 10:13 AM, m.roth@xxxxxxxxx wrote:
> If I had realized it would run this long, I would have used DBAN.... For
> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
> *way* overkill these days... but I sign my name to a certificate that gets
> stuck on the outside of the server, meaning I, personally, am responsible
> for the sanitization of the drive(s).

the DoD multipass erase procedure is long obsolete and deprecated. It
was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM
2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET
INFORMATION PHYSICALLY".
http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://www.dss.mil/documents/odaa/nispom2006-5220.pdf
from that blog,...

Fortunately, several security researchers presented a paper [WRIG08
<http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
International Conference on Information Systems Security (ICISS 2008)
that declares the “great wiping controversy” about how many passes of
overwriting with various data values to be settled: their research
demonstrates that a single overwrite using an arbitrary data value
will render the original data irretrievable even if MFM and STM
techniques are employed.

The researchers found that the probability of recovering a single bit
from a previously used HDD was only slightly better than a coin toss,
and that the probability of recovering more bits decreases
exponentially so that it quickly becomes close to zero.

Therefore, a single pass overwrite with any arbitrary value (randomly
chosen or not) is sufficient to render the original HDD data
effectively irretrievable.

so a single pass of zeros is plenty adequate for casual use, and
physical device destruction is the only approved method for anything
actually top secret.
--
john r pierce, recycling bits in santa cruz
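
Added example, not part of the original post or of any tool named in it: a single zero pass followed by the read-back check that would back a signed sanitization certificate. The function names, the 512-byte sector size, and the sample image with planted data are assumptions made for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size

def zero_fill(path, chunk=1 << 20):
    """Single pass: overwrite every byte of an existing image/device with zeros."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)
        f.seek(0)
        for start in range(0, size, chunk):
            f.write(bytes(min(chunk, size - start)))
        f.flush()
        os.fsync(f.fileno())  # make sure the pass reached the medium
    return size

def scan_for_residue(path, chunk=1 << 20):
    """Read the target back and report sectors that still hold non-zero data."""
    dirty, first, offset = 0, None, 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            if buf.count(0) != len(buf):  # clean chunks skip the per-sector walk
                for i in range(0, len(buf), SECTOR):
                    if any(buf[i:i + SECTOR]):
                        dirty += 1
                        if first is None:
                            first = offset + i
            offset += len(buf)
    return {"bytes": offset, "dirty_sectors": dirty, "first_dirty_offset": first}

def demo():
    """Constructed sample: a 4 MiB image with data planted in three sectors."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(bytes(4 << 20))
            f.seek(3 * SECTOR)
            f.write(b"payroll.xls")          # constructed residue, one sector
            f.seek((2 << 20) + 5 * SECTOR)
            f.write(b"\xff" * 700)           # constructed residue, spans two sectors
        before = scan_for_residue(path)
        zero_fill(path)
        return before, scan_for_residue(path)
    finally:
        os.remove(path)
```

The scan covers only what the operating system can address, so a clean result says nothing about sectors the drive has remapped internally.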