Sorin Srbu wrote:
I second that. Dban is the niftiest thing since sliced bread. Very handy tool, if a bit slow. But I guess that comes with the territory. 8-)
DBAN runs at wire speed. It's just that disks with 100s or 1000s of gigabytes take a long long time to fully write.
DBAN's default erase sequence is excessive for modern disks. the old DOD erase sequences were devised for media that used simple NRZ type encodings, with RLL encoding methods used by modern disks, they don't make any sense at all. all you really need is to write the disk with all 1s, then all 0s, and it's about as good as it will get, not even CSI:Miami will find any actual data on it (of course, if the script writers need to, they'll invent data out of thin air).
Sorin Srbu wrote:
I second that. Dban is the niftiest thing since sliced bread. Very handy tool, if a bit slow. But I guess that comes with the territory. 8-)
DBAN runs at wire speed. It's just that disks with 100s or 1000s of gigabytes take a long long time to fully write.
DBAN's default erase sequence is excessive for modern disks. the old DOD erase sequences were devised for media that used simple NRZ type encodings, with RLL encoding methods used by modern disks, they don't make any sense at all. all you really need is to write the disk with all 1s, then all 0s, and it's about as good as it will get, not even CSI:Miami will find any actual data on it (of course, if the script writers need to, they'll invent data out of thin air).
That may be the case, but the laws and regulations still want that level of security, due to the regular "one of our people lost a laptop/it was stolen, and 7 zillion PII* got stolen!!!"
mark "yes, I am working for the gov't"
* PII - personal identity information
m.roth@5-cent.us wrote:
That may be the case, but the laws and regulations still want that level of security, due to the regular "one of our people lost a laptop/it was stolen, and 7 zillion PII* got stolen!!!"
mark "yes, I am working for the gov't"
the oft-quoted 1995 vintage DoD 5220-22m standard of writing 1010, 0101, 1111, 0000 then repeating three times was deprecated from the 2001 edition of the same document.
the NIST has a document on data destruction, too... http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf where table 2-1 says a single overwrite is quite sufficient on most of today's media...
For truly secure data erasure, shred the drives in a chipper, it's faster and cheaper. NIST defines three levels, 'clear', 'purge', and 'destroy'. clear is simply writing a random pattern over the data. 'purge' is degaussing the media, which renders it permanently unusable with any modern disk, so you might as well grind/incinerate/etc the drives.
I like the bit on page 32 of that document telling the telecommuter how to smash a drive with a hammer if he doesn't have access to proper equipment.
m.roth@5-cent.us wrote:
That may be the case, but the laws and regulations still want that level of security, due to the regular "one of our people lost a laptop/it was stolen, and 7 zillion PII* got stolen!!!"
mark "yes, I am working for the gov't"
But not the DoD, let me say.
the oft-quoted 1995 vintage DoD 5220-22m standard of writing 1010, 0101, 1111, 0000 then repeating three times was deprecated from the 2001 edition of the same document.
Haven't read that, but I was told seven passes.
the NIST has a document on data destruction, too... http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf where table 2-1 says a single overwrite is quite sufficient on most of today's media...
I'd trust the NIST. However, management is often some ways behind reality.... <snip>
I like the bit on page 32 of that document telling the telecommuter how to smash a drive with a hammer if he doesn't have access to proper equipment.
They were *supposed* to do that on the plane that the Chinese got in what, '01?
mark
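Added example, not part of any post in this thread: the two-pass overwrite suggested above (all 1s, then all 0s) with a read-back check of the final pattern, run against a constructed image file. The function names, chunk size and sample records are assumptions made for this illustration.

```python
import os
import tempfile

CHUNK = 1 << 20  # write/read in 1 MiB blocks (assumed size)


def overwrite_pass(path, value):
    """Overwrite every byte of path in place with `value`; return bytes written."""
    block = bytes([value]) * CHUNK
    with open(path, "r+b", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)  # seek-to-end also sizes a block device
        f.seek(0)
        done = 0
        while done < size:
            # raw writes may be short, so advance by what was actually written
            done += f.write(block[: min(CHUNK, size - done)])
        os.fsync(f.fileno())  # force this pass out before the next one starts
    return done


def verify_pass(path, value):
    """Read the target back; return the offset of the first bad byte, or -1."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(value) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b != value)
            offset += len(chunk)
    return -1


def clear(path):
    """All 1s, then all 0s, then verify the final pattern."""
    overwrite_pass(path, 0xFF)
    written = overwrite_pass(path, 0x00)
    return written, verify_pass(path, 0x00)


def make_sample_image(size=3 * CHUNK + 123):
    """Constructed stand-in for a disk: a temp file filled with fake records."""
    fd, path = tempfile.mkstemp(suffix=".img")
    record = b"name=Jane Example;ssn=000-00-0000\n"  # constructed, not real data
    with os.fdopen(fd, "wb") as f:
        f.write((record * (size // len(record) + 1))[:size])
    return path


if __name__ == "__main__":
    img = make_sample_image()
    print(clear(img))  # (bytes written, offset of first bad byte or -1)
    os.remove(img)
```

On a regular file, the filesystem or an SSD's wear levelling may place the new bytes elsewhere, so this shows the pass sequence and the verification step rather than a guarantee about the underlying medium.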