[CentOS] CentOS 6.9, shredding a RAID

Wed May 31 19:46:17 UTC 2017
m.roth at 5-cent.us <m.roth at 5-cent.us>

John R Pierce wrote:
> On 5/31/2017 10:13 AM, m.roth at 5-cent.us wrote:
>> If I had realized it would run this long, I would have used DBAN.... For
>> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
>> *way* overkill these days... but I sign my name to a certificate that
>> gets stuck on the outside of the server, meaning I, personally, am
>> responsible for the sanitization of the drive(s).
>
> the DoD multipass erase procedure is long obsolete and deprecated. It
> was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM
> 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET
> INFORMATION PHYSICALLY".
>
> http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
> http://www.dss.mil/documents/odaa/nispom2006-5220.pdf
>
> from that blog,...
>
>> Fortunately, several security researchers presented a paper [WRIG08
>> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
>> International Conference on Information Systems Security (ICISS 2008)
>> that declares the “great wiping controversy” about how many passes of
>> overwriting with various data values to be settled: their research
>> demonstrates that a single overwrite using an arbitrary data value
>> will render the original data irretrievable even if MFM and STM
>> techniques are employed.
>>
>> The researchers found that the probability of recovering a single bit
>> from a previously used HDD was only slightly better than a coin toss,
>> and that the probability of recovering more bits decreases
>> exponentially so that it quickly becomes close to zero.
>>
>> Therefore, a single pass overwrite with any arbitrary value (randomly
>> chosen or not) is sufficient to render the original HDD data
>> effectively irretrievable.
>
> so a single pass of zeros is plenty adequate for casual use, and
> physical device destruction is the only approved method for anything
> actually top secret.

Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
Homeland Security Theater dictates....

      mark