[CentOS] CentOS 6.9, shredding a RAID

John R Pierce pierce at hogranch.com
Wed May 31 18:52:40 UTC 2017


On 5/31/2017 10:13 AM, m.roth at 5-cent.us wrote:
> If I had realized it would run this long, I would have used DBAN.... For
> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
> *way*  overkill these days... but I sign my name to a certificate that gets
> stuck on the outside of the server, meaning I, personally, am responsible
> for the sanitization of the drive(s).


the DoD multipass erase procedure is long obsolete and deprecated.   It 
was based on MFM and RLL technology prevalent in the mid 1980s.   NISPOM 
2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET 
INFORMATION PHYSICALLY".

http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://www.dss.mil/documents/odaa/nispom2006-5220.pdf

from that blog,...

> Fortunately, several security researchers presented a paper [WRIG08 
> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth 
> International Conference on Information Systems Security (ICISS 2008) 
> that declares the “great wiping controversy” about how many passes of 
> overwriting with various data values to be settled: their research 
> demonstrates that a single overwrite using an arbitrary data value 
> will render the original data irretrievable even if MFM and STM 
> techniques are employed.
>
> The researchers found that the probability of recovering a single bit 
> from a previously used HDD was only slightly better than a coin toss, 
> and that the probability of recovering more bits decreases 
> exponentially so that it quickly becomes close to zero.
>
> Therefore, a single pass overwrite with any arbitrary value (randomly 
> chosen or not) is sufficient to render the original HDD data 
> effectively irretrievable.
>

so a single pass of zeros is plenty adequate for casual use, and 
physical device destruction is the only approved method for anything 
actually top secret.


-- 
john r pierce, recycling bits in santa cruz




More information about the CentOS mailing list