data shredder

Ray Leventhal ubuntu at swhi.net
Tue Dec 22 13:51:26 UTC 2009 

Amedee Van Gasse (ub) wrote:

<huge snip>

>> Sorry to come in late to this, but no.
>>
>> And...my apologies for going OT as the OP didn't ask for a diatribe :)
>>
>> According to NIST (the US's National Institute of Standards and
>> Technology) in their publication SP 800-88, 2 types of overwrite
>> standards are defined: 'clear' and 'purge'
>>
>> 'Clear' calls for the systematic overwriting of every addressable sector
>> of a drive and is sufficient for eradication, bypassing most labs'
>> ability to recover data, even data recovery companies (I work for one).
>>
>> 'Purge' calls for either 1) calling upon the firmware of the drive to
>> carry on the eradication by overwriting (security erase is one example),
>> or by physically shredding the hard drive into pieces of a defined size
>> (I cannot remember the size and don't have the spec in front of me).
>>
>> Both 'clear' and 'purge' are single pass overwrite paradigms...and both
>> are sufficient to eradicate data.
>>
>> The overwriting 3 pass former standard (referred to as DoD 5225.22M) is
>> deprecated, but when it was the 'way to go', it called for 3 passes...a
>> pattern, its compliment, then random data.
>>
>> The concept of digging into 'layers' of data on a magnetic spinning disk
>> is, in today's drives and technology, untrue.  As part of the data
>> eradication program we endorse where I work, a single pass of 'purge' or
>> 'clear' satisfies all US standards including GLBA, HIPAA and SoX.
>>
>> As this is wholly OT at this point, I'll be happy to reply privately if
>> there are any comments or questions.
> 
> 
> I'm glad that someone who works in a data recovery company agrees with me. :)
> I'm not ignorant on the subject, because it was one of the two subjects I
> was going to do my thesis on. (eventually I'm doing the other subject,
> about spam)
> 
> 
Amedee, this is not the first time we've been in agreement :)  As for 
your thesis, I'd be very interested to see it if you're ever willing to 
share.

My 'day job' is as the tech writer for the company and we make hardware 
that handles the eradication of data per NIST 'clear' and 'purge' 
standards.  If you feel there's any info I can help with, please feel 
free to contact me offlist.

-Ray

More information about the ubuntu-users mailing list