data shredder

[Gilles Gravier]

Hi!

On 21/12/2009 15:24, Amedee Van Gasse (ub) wrote:
> Hi Gilles!
>
> Something went wrong, I got your last mail 3 times.
>   
Yes. Ahem. Fingers acted out of their own will and did things. :)
> On Mon, December 21, 2009 14:48, Gilles Gravier wrote:
>
>   
>> The standards are still there, like /DoD 5220.22-M (3 passes).../ and
>> more also. See the list on my previous post.
>>     
> From Wikipdia:
> DoD 5220.22-M is sometimes cited as a standard for sanitization to counter
> data remanence. The NISPOM actually covers the entire field of
> government-industrial security, of which data sanitization is a very small
> part (about two paragraphs in a 141 page document).[4] Furthermore, the
> NISPOM does not actually specify any particular method. Standards for
> sanitization are left up to the Cognizant Security Authority. The Defense
> Security Service provides a Clearing and Sanitization Matrix (C&SM) which
> does specify methods.[5] As of the June 2007 edition of the DSS C&SM,
> overwriting is no longer acceptable for sanitization of magnetic media;
> only degaussing or physical destruction is acceptable.
>   

Yes. So software shredding is probably not good enough against people
with fancy hardware...

Note that my customers in the defense space never return faulty drives.
They physically convert them to dust. We just send them
"replacements"... but they don't send the bad ones in exchange. :)

>> Random data is not enough... If you're going random, you might as well
>> do one pass.
>>     
> Doh!
> You're right of course. Silly me.
>   
As I said, have a look at Radia Perlman's work on assured delete and the
ephemerizer.
>> Unless there is clear text in that block that allows a sector search to
>> find it...
>>     
> That assumes that you already know what you want to find. It won't work
> for a blind search.
>   
If you're taking somebody's disk... you know what you are looking for,
to some extent. :)

Gilles.