Re: CentOS 6.9, shredding a RAID




John R Pierce wrote:
> On 5/31/2017 10:13 AM, m.roth@xxxxxxxxx wrote:
>> If I had realized it would run this long, I would have used DBAN.... For
>> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
>> *way*  overkill these days... but I sign my name to a certificate that
>> gets stuck on the outside of the server, meaning I, personally, am
>> responsible for the sanitization of the drive(s).
>
> the DoD multipass erase procedure is long obsolete and deprecated.   It
> was based on MFM and RLL technology prevalent in the mid 1980s.   NISPOM
> 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET
> INFORMATION PHYSICALLY".
>
> http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
> http://www.dss.mil/documents/odaa/nispom2006-5220.pdf
>
> from that blog,...
>
>> Fortunately, several security researchers presented a paper [WRIG08
>> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
>> International Conference on Information Systems Security (ICISS 2008)
>> that declares the “great wiping controversy” about how many passes of
>> overwriting with various data values to be settled: their research
>> demonstrates that a single overwrite using an arbitrary data value
>> will render the original data irretrievable even if MFM and STM
>> techniques are employed.
>>
>> The researchers found that the probability of recovering a single bit
>> from a previously used HDD was only slightly better than a coin toss,
>> and that the probability of recovering more bits decreases
>> exponentially so that it quickly becomes close to zero.
>>
>> Therefore, a single pass overwrite with any arbitrary value (randomly
>> chosen or not) is sufficient to render the original HDD data
>> effectively irretrievable.
>
> so a single pass of zeros is plenty adequate for casual use, and
> physical device destruction is the only approved method for anything
> actually top secret.

Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
Homeland Security Theater dictates....

      mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
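
Added example, not part of the thread or of either poster's procedure: a single pass of zeros followed by a full read-back check, which is the evidence a signed sanitization certificate would rest on. The function names are hypothetical, and GNU coreutils, GNU cmp and util-linux `blockdev` are assumed.

```bash
# Added example: single-pass zero overwrite plus read-back verification.
# zero_wipe, verify_zero and target_size are hypothetical names.
# Works on a block device or on an image file (used here for testing).

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        stat -c %s "$1"
    fi
}

# One pass of zeros over the whole target.
# head supplies exactly <size> zero bytes, so a final partial 1 MiB
# block is covered; conv=notrunc keeps an image file's length and
# conv=fsync forces the data out before dd reports success.
zero_wipe() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero |
        dd of="$1" bs=1M conv=notrunc,fsync
}

# Read the whole target back and compare it with zeros.
# Returns 0 only if every byte is zero.
verify_zero() {
    size=$(target_size "$1") || return 1
    if [ -b "$1" ]; then
        # Drop cached blocks so the comparison reads the medium,
        # not what the kernel still holds from the write pass.
        blockdev --flushbufs "$1" || return 1
    fi
    cmp -s -n "$size" "$1" /dev/zero
}
```

A non-zero return from `verify_zero` means at least one byte differs from zero, for example after a write error part-way through the pass.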



