On 9 May 2018 at 11:52, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote: > On Wed, 9 May 2018, m.roth at 5-cent.us wrote: > >> Federal contractor here, too. (I'm the OP). For disks that work, shred or >> DBAN is what we use. For dead disks, we do the paperwork, and get them >> deGaussed. SSD's are a brand new issue. We haven't had to deal with them >> yet, but it's surely coming, so we might as well figure it out now. > > > Does anyone use hdparm's enhanced security erase feature for wiping working > drives? > > Sounds more secure than DBAN/shred, and potentially faster too. It's not > something I've used. > It really depends on if the drive actually does what the commands say it does. Most modern drives should do the reset/erase of sectors/cells.. but if the drive manufacturer decides "well we could short cut this by having it just read every sector as 0 until written" and you think you have wiped the data, but it is still there for physical audit. And we have all seen enough dodgy "well this is the lowest end drive we are losing money on if we sell it.. unless we cut corners" to know someone somewhere is going to do that. Which then will make it probably just an additional step everyone has to do. 1. secure wipe drive 2. run dban/shred for 3-4 wipes. 3. fill out paperwork that you did 1 and 2. 4. secure wipe drive 5. send to industrial shredder. > jh > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen.