John R Pierce wrote:
> On 5/31/2017 8:04 AM, m.roth at 5-cent.us wrote:
>> I've got an old RAID that I attached to a box. LSI card, and the RAID
>> has 12 drives, for a total RAID size of 9.1TB, I think. I started shred
>> /dev/sda the Friday before last... and it's still running. Is this
>> reasonable for it to be taking this long...?
>
> not at all surprising, as that raid sounds like it's built with older
> slower drives.

It's maybe from '09 or '10. I *think* they're 1TB (which would make sense, given the size of what I remember of the RAID).

>
> I would discombobulate the raid, turn it into 12 discrete drives, and use

Well, shred's already been running for this long...

<snip>
> unless that volume has data that requires military level destruction,
> whereupon the proper method is to run the drives through a grinder so
> they are metal filings. the old DoD multipass erasure specification
> is long obsolete and was never that great.

If I had realized it would run this long, I would have used DBAN.... For single drives, I do, and choose DoD 5220.22-M (seven passes), which is *way* overkill these days... but I sign my name to a certificate that gets stuck on the outside of the server, meaning I, personally, am responsible for the sanitization of the drive(s).

And I work for a US federal contractor[1][2]

      mark

1. I do not speak for my employer, the US federal government agency I work at, nor, as my late wife put it, the view out my window (if I had a window).
2. I'm with the government, and I'm here to help you. (Actually, civilian sector, so yes, I am.
On 5/31/2017 10:13 AM, m.roth at 5-cent.us wrote:
> If I had realized it would run this long, I would have used DBAN.... For
> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
> *way* overkill these days... but I sign my name to a certificate that gets
> stuck on the outside of the server, meaning I, personally, am responsible
> for the sanitization of the drive(s).

the DoD multipass erase procedure is long obsolete and deprecated. It was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET INFORMATION PHYSICALLY".

http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://www.dss.mil/documents/odaa/nispom2006-5220.pdf

from that blog,...

> Fortunately, several security researchers presented a paper [WRIG08
> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
> International Conference on Information Systems Security (ICISS 2008)
> that declares the "great wiping controversy" about how many passes of
> overwriting with various data values to be settled: their research
> demonstrates that a single overwrite using an arbitrary data value
> will render the original data irretrievable even if MFM and STM
> techniques are employed.
>
> The researchers found that the probability of recovering a single bit
> from a previously used HDD was only slightly better than a coin toss,
> and that the probability of recovering more bits decreases
> exponentially so that it quickly becomes close to zero.
>
> Therefore, a single pass overwrite with any arbitrary value (randomly
> chosen or not) is sufficient to render the original HDD data
> effectively irretrievable.
>

so a single pass of zeros is plenty adequate for casual use, and physical device destruction is the only approved method for anything actually top secret.

--
john r pierce, recycling bits in santa cruz
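
The single zero pass discussed in the message above, followed by a full read-back check, as an added example that is not from either poster. The function names are hypothetical, and the demo runs against a constructed image file rather than a real disk.

```bash
#!/usr/bin/env bash
# Added example: one zero pass plus a full read-back verification.
# Works on any path; the demo uses a constructed image file, not a real disk.

# Size in bytes: block devices via blockdev, regular files via wc.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else echo $(( $(wc -c < "$1") )); fi
}

# Overwrite every byte of the target exactly once with zeros, in place.
wipe_single_pass() {
    local size
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

# Count bytes that still read back as non-zero (0 means the pass covered everything).
count_nonzero() {
    echo $(( $(tr -d '\000' < "$1" | wc -c) ))
}

# Wipe, verify, and print one line that can go into a sanitization record.
wipe_and_verify() {
    local size left
    size=$(target_size "$1") || return 1
    wipe_single_pass "$1" || return 1
    left=$(count_nonzero "$1")
    echo "target=$1 bytes=$size nonzero_after=$left"
    [ "$left" -eq 0 ]
}

# Constructed demo input: a 3 MiB + 123 byte image filled with random data.
demo() {
    local img rc
    img=$(mktemp) || return 1
    head -c $((3 * 1024 * 1024 + 123)) /dev/urandom > "$img"
    wipe_and_verify "$img"
    rc=$?
    rm -f "$img"
    return $rc
}

demo
```

The read-back covers only the sectors the device still exposes through its block interface, so reallocated sectors are outside what this check can attest. On a hardware RAID volume such as the /dev/sda in this thread, the target is the logical volume, not the individual member drives.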
John R Pierce wrote:
> On 5/31/2017 10:13 AM, m.roth at 5-cent.us wrote:
>> If I had realized it would run this long, I would have used DBAN.... For
>> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
>> *way* overkill these days... but I sign my name to a certificate that
>> gets stuck on the outside of the server, meaning I, personally, am
>> responsible for the sanitization of the drive(s).
>
> the DoD multipass erase procedure is long obsolete and deprecated. It
> was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM
> 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET
> INFORMATION PHYSICALLY".
>
> http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
> http://www.dss.mil/documents/odaa/nispom2006-5220.pdf
>
> from that blog,...
>
>> Fortunately, several security researchers presented a paper [WRIG08
>> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
>> International Conference on Information Systems Security (ICISS 2008)
>> that declares the "great wiping controversy" about how many passes of
>> overwriting with various data values to be settled: their research
>> demonstrates that a single overwrite using an arbitrary data value
>> will render the original data irretrievable even if MFM and STM
>> techniques are employed.
>>
>> The researchers found that the probability of recovering a single bit
>> from a previously used HDD was only slightly better than a coin toss,
>> and that the probability of recovering more bits decreases
>> exponentially so that it quickly becomes close to zero.
>>
>> Therefore, a single pass overwrite with any arbitrary value (randomly
>> chosen or not) is sufficient to render the original HDD data
>> effectively irretrievable.
>>
>
> so a single pass of zeros is plenty adequate for casual use, and
> physical device destruction is the only approved method for anything
> actually top secret.

Not dealing with "secret", dealing with HIPAA and PII data. And *sigh* Homeland Security Theater dictates....

      mark