John R Pierce wrote:
> On 5/31/2017 10:13 AM, m.roth at 5-cent.us wrote:
>> If I had realized it would run this long, I would have used DBAN.... For
>> single drives, I do, and choose DoD 5220.22-M (seven passes), which is
>> *way* overkill these days... but I sign my name to a certificate that
>> gets stuck on the outside of the server, meaning I, personally, am
>> responsible for the sanitization of the drive(s).
>
> the DoD multipass erase procedure is long obsolete and deprecated. It
> was based on MFM and RLL technology prevalent in the mid 1980s. NISPOM
> 2006-5220 replaced it in 2006, and says "DESTROY CONFIDENTIAL/SECRET
> INFORMATION PHYSICALLY".
>
> http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
> http://www.dss.mil/documents/odaa/nispom2006-5220.pdf
>
> from that blog,...
>
>> Fortunately, several security researchers presented a paper [WRIG08
>> <http://www.springerlink.com/content/408263ql11460147/>] at the Fourth
>> International Conference on Information Systems Security (ICISS 2008)
>> that declares the "great wiping controversy" about how many passes of
>> overwriting with various data values to be settled: their research
>> demonstrates that a single overwrite using an arbitrary data value
>> will render the original data irretrievable even if MFM and STM
>> techniques are employed.
>>
>> The researchers found that the probability of recovering a single bit
>> from a previously used HDD was only slightly better than a coin toss,
>> and that the probability of recovering more bits decreases
>> exponentially so that it quickly becomes close to zero.
>>
>> Therefore, a single pass overwrite with any arbitrary value (randomly
>> chosen or not) is sufficient to render the original HDD data
>> effectively irretrievable.
>
> so a single pass of zeros is plenty adequate for casual use, and
> physical device destruction is the only approved method for anything
> actually top secret.

Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
Homeland Security Theater dictates....

     mark
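The single-pass overwrite that John's quoted blog post calls sufficient, followed by a read-back check, as an added example that is not code from this thread, from DBAN, or from any tool mentioned above. It overwrites a target with one pass of zeros using unbuffered I/O and fsync, then reads every byte back and returns an evidence record (byte count, first mismatching offset, SHA-256 of what was read) that someone signing a sanitization certificate can attach. The `demo` helper, the constructed random disk image, and the `/dev/sdX` mention in the docstring are assumptions; it runs here against an ordinary file. One caveat the thread does not spell out: the cited result is about magnetic platters, and a host-side overwrite does not reach remapped sectors or the spare area of an SSD, where the drive's own secure-erase command or physical destruction is the right tool.

```python
"""Single-pass overwrite plus read-back verification (added example).

Runs against an ordinary file here; the same functions work on a raw
block device path (e.g. /dev/sdX, hypothetical) when run with privilege.
"""
import hashlib
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB per read/write


def overwrite_single_pass(path: str, fill: int = 0x00) -> int:
    """Overwrite every byte of `path` with the byte value `fill` in one pass.

    Returns the number of bytes written. Unbuffered I/O plus fsync so the
    data reaches the device, not just the page cache.
    """
    block = bytes([fill]) * CHUNK
    with open(path, "r+b", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)  # seek() returns the new offset
        f.seek(0)
        written = 0
        while written < size:
            want = min(CHUNK, size - written)
            written += f.write(block[:want])  # raw I/O may write less; loop
        os.fsync(f.fileno())
    return written


def verify_overwrite(path: str, fill: int = 0x00) -> dict:
    """Read the whole target back and check every byte equals `fill`.

    Returns an evidence record: bytes read, whether all matched, offset of
    the first mismatching byte (None if clean), and SHA-256 of the data read.
    """
    digest = hashlib.sha256()
    first_mismatch = None
    offset = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                break
            digest.update(chunk)
            if first_mismatch is None and chunk != bytes([fill]) * len(chunk):
                # locate the exact offset of the first bad byte in this chunk
                bad = next(i for i, b in enumerate(chunk) if b != fill)
                first_mismatch = offset + bad
            offset += len(chunk)
    return {
        "bytes_read": offset,
        "all_match": first_mismatch is None,
        "first_mismatch": first_mismatch,
        "sha256": digest.hexdigest(),
    }


def demo(size: int = 3 * CHUNK + 17) -> dict:
    """Build a constructed image of random bytes, wipe it, verify it.

    Returns the 'before' and 'after' verification records and the byte
    count written; the temporary image is removed afterwards.
    """
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(secrets.token_bytes(size))  # constructed sample data
        before = verify_overwrite(path)
        written = overwrite_single_pass(path)
        after = verify_overwrite(path)
    finally:
        os.remove(path)
    return {"size": size, "written": written, "before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("before wipe: all zero?", result["before"]["all_match"],
          "first non-zero byte at", result["before"]["first_mismatch"])
    print("after wipe:  all zero?", result["after"]["all_match"],
          "bytes written:", result["written"])
```

The read-back pass is the part worth keeping: a wipe tool reporting "done" is not evidence, whereas a full read that finds no byte other than the fill value, recorded with the size and a digest, is something a certificate can cite.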
On 5/31/2017 12:46 PM, m.roth at 5-cent.us wrote:
> Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
> Homeland Security Theater dictates....

We run all used disks through a shredder before surplusing any systems, and we are just a manufacturing company dealing with internal corporate IT stuff. The shredder is a truck from a 'data destruction' service that comes every so often and destroys the current inventory of surplus disks. A corporate eSecurity officer witnesses this to ensure drives aren't diverted into the grey market. Each drive goes into the shredder and comes out as metal filings.

-- 
john r pierce, recycling bits in santa cruz
On 31/05/17 21:23, John R Pierce wrote:
> On 5/31/2017 12:46 PM, m.roth at 5-cent.us wrote:
>> Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
>> Homeland Security Theater dictates....
>
> We run all used disks through a shredder before surplusing any systems,
> and we are just a manufacturing company dealing with internal corporate
> IT stuff. The shredder is a truck from a 'data destruction' service
> that comes every so often and destroys the current inventory of surplus
> disks. A corporate eSecurity officer witnesses this to ensure drives
> aren't diverted into the grey market. Each drive goes into the shredder
> and comes out as metal filings.
>

Not relevant to this particular instance, but for domestic disks I keep them (along with old credit cards, memory sticks etc.) until I have the garden incinerator going. With a good bright red firebed the disks don't last long - some run out of the bottom as liquid aluminium. I'm pretty certain even MI5/NSA won't get much off congealed Al!
John R Pierce wrote:
> On 5/31/2017 12:46 PM, m.roth at 5-cent.us wrote:
>> Not dealing with "secret", dealing with HIPAA and PII data. And *sigh*
>> Homeland Security Theater dictates....
>
> We run all used disks through a shredder before surplusing any systems,
> and we are just a manufacturing company dealing with internal corporate
> IT stuff. The shredder is a truck from a 'data destruction' service
> that comes every so often and destroys the current inventory of surplus
> disks. A corporate eSecurity officer witnesses this to ensure drives
> aren't diverted into the grey market. Each drive goes into the shredder
> and comes out as metal filings.
>

The alternative is to wait for my manager to return, and then have the drives degaussed.

Oh... and I just looked, ahh, yeah, I think something's going on... given that it's not 12 days, but that I started it on 11 May....

     mark