[CentOS] help fdisk and dd

Thu Mar 4 19:40:39 UTC 2010
John R Pierce <pierce at hogranch.com>

m.roth at 5-cent.us wrote:
> That may be the case, but the laws and regulations still want that level
> of security, due to the regular "one of our people lost a laptop/it was
> stolen, and 7 zillion PII* got stolen!!!"
>
>         mark "yes, I am working for the gov't"
>   


the oft-quoted 1995 vintage DoD 5220-22m standard of writing 1010, 0101, 
1111, 0000 then repeating three times was deprecated from the 2001 
edition of the same document.

the NIST has a document on data destruction, too...
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
where table 2-1 says a single overwrite is quite sufficient on most of 
today's media...

For truly secure data erasure, shred the drives in a chipper, it's 
faster and cheaper.    NIST defines three levels, 'clear', 'purge', and 
'destroy'.   clear is simply writing a random pattern over the data.  
'purge' is degaussing the media, which renders it permanently unusable 
with any modern disk, so you might as well grind/incinerate/etc the drives.

I like the bit on page 32 of that document telling the telecommuter how 
to smash a drive with a hammer if he doesn't have access to proper 
equipment.