Re: DoD Harddrive Secure Erase Wipe

on 03.04.2008 17:59:32 by ibuprofin

On Wed, 2 Apr 2008, in the Usenet newsgroup comp.security.misc, in article
<2c114aec-04ba-4579-ae1b-5389bc17cf5b@u10g2000prn.googlegroups.com>,
oktokie wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>I have a project which I need to DoD harddrives for the company. I
>have a large raid-scsi enclosure which I can use.

"need to" or "want to" - If you are required by a DoD contract to wipe
the drives, talk to your Contracting Officer, and do _EXACTLY_ what
the officer requires. If you want to scrub the drives for some
reason, it's going to be a lot simpler to destroy the drive media.
Drives are cheap, your time isn't.

>I was thinking about doing the following.
>
>1. for i in 1 2 3 4 5 6 7; do time dd if=/dev/random of=/dev/sda
>bs=1048576; done
>
>Use the random bits into drive 7 times.

man random and then find a dictionary and look up the word "entropy".

>I think with 14 x 36GB scsi in raid5 setup would take approximately
>18 x 7pass = 5 days.
>This is pretty bad.

That is one shitload of entropy - are you using an external noise
generator to create it? Or do you think your built-in random
number generator is infinitely fast and endless?

>2. I could set up a stripped version of gentoo with the proper raid
>controller driver (here IBM ServeRaid 4Mx) and run DBAN from boot drive.

Sounds imaginative - but you are better served by opening up each drive,
removing the platters, and physically destroying them, which means down
to a blob of slag, or a bag full of dust particles (none of which are
larger than one half the width of an individual track). If you take
the platters out, chuck a bunch of them using a large nut and bolt into
a drill-press, and then take a file to the stack as it's spinning, do
remember to wear eye protection at the very least, as the platter MAY
shatter (many are now built on a ceramic substrate).

>I've got a question, does anyone have working knowledge of
>DoD5200.28-STD & DoD5200.22-M? I need to know how it's supposed to work,
>then I could just write a simple C program to erase the drive instead of
>relying on other tools for speed.

Repeating - if you have a government requirement to sanitize the drives,
then you follow EXACTLY what the Contracting Officer tells you to do. No
exceptions. If this is NOT a government requirement, then simply
physically destroy the media. If all you are trying to do is destroy
the evidence to keep your ass out of jail, make a single pass on each
drive writing zeros (/dev/zero) and a second pass writing ones (/dev/one)
and while that is taking several hours to complete, look in the New York
area telephone book and look in the Yellow Pages under "Computers - Data
Recovery" as most of those companies also offer data destruction services
as well. Or you _could_ use the search engine you are posting from...

>I need the fastest solution available.

Physically destroy the media.

Old guy