Wiping Out Data

Jeffrey F. Bloss jbloss at tampabay.rr.com
Wed Mar 28 00:56:28 UTC 2007 

NoOp wrote:

<much snippage>

> STANDARDS
> The dod scrub sequence is compliant with the DoD 5220.22-M procedure for
> sanitizing removeable and non-removeable rigid disks which requires
> overwriting all addressable locations with a character, its complement,
> then a random character, and verify. Please refer to the DoD document
> for additional constraints.

<beanie type="foil">
I'd be a little cautious about relying on any DoD published standard as
something even a modestly competent "attacker" can't easily compromise.

It only makes sense for an agency with a mission statement that
includes not only not only protecting their own intelligence, but
collecting the other side's, to tell the world "three wipes is enough".
The random/compliment/zero thing would be a nice touch in fact. Sounds
thorough and probably sets up certain predictable residual patterns the
NSA just drools over. ;) 
</beanie>

Conspiracy theroies aside, in my experience the "DoD" doesn't wipe
sensitive data at all except under very rare circumstances, and even
then it's done in bulk with high tech degaussing equipment. Digital
media is typically treated the same as paper documents. Shredded,
incinerated, dissolved in a suitable liquid, and flushed down special
drains where it's "aged" before being ultimately disposed of. All under
armed guard of course.

I've even seen really expensive, hermetically sealed crypto hardware
"black boxes" that were designed to violently self destruct upon being
opened, decommissioned this way just to be on the safe side.

I could tell you more, but then I'd have to kill you. ;o)

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo------------------------------[ Groucho Marx ]---
                    http://wrench.homelinux.net/~jeff/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070327/7b51f0c3/attachment.sig>

More information about the ubuntu-users mailing list