DoD Harddrive Secure Erase Wipe

DoD Harddrive Secure Erase Wipe

I have a project which I need to DoD harddrives for the company. I
have large raid-scsi enclosure which I can use.

I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
drive (IBM EXP300 / 3531-1RU) units.

What are my options?

I was thinking about doing following.

1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda
bs=1048576; done

Use the random bits into drive 7 times.
I think with 14 x 36GB scsi in raid5 setup would take approximately
18 x 7pass = 5 days.
This is pretty bad.

2. I could setup stripped version of gentoo with proper raid
controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive.

I've got a question, does anyone have working knowledge of DoD5200.28-
STD & DoD5200.22-M? I need to know how it's supposed to work, then I
could just write simple c program to erase drive instead of relying on
other tools for speed.
I need fastest solution available.

Thanks.

 

From: "oktokie" <>

| DoD Harddrive Secure Erase Wipe
|
| I have a project which I need to DoD harddrives for the company. I
| have large raid-scsi enclosure which I can use.
|
| I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
| ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
| drive (IBM EXP300 / 3531-1RU) units.
|
| What are my options?
|
| I was thinking about doing following.
|
| 1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda
| bs=1048576; done
|
| Use the random bits into drive 7 times.
| I think with 14 x 36GB scsi in raid5 setup would take approximately
| 18 x 7pass = 5 days.
| This is pretty bad.
|
| 2. I could setup stripped version of gentoo with proper raid
| controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive.
|
| I've got a question, does anyone have working knowledge of DoD5200.28-
| STD & DoD5200.22-M? I need to know how it's supposed to work, then I
| could just write simple c program to erase drive instead of relying on
| other tools for speed.
| I need fastest solution available.
|
| Thanks.

Based upon a memo by Linton Wells II on the sanitization of of non-classified hard disks,
circa June '01...

You have to write a bit pattern such as; 11110000
Then its complement such as; 00001111
Then another pattern such as; 01010101
Which has to be repeated 6 times.

"Sanitization is not complete until all six passes of the three cycles are completed".

 

Wow, just four obvious problems...

1. the syntax if "if=$inputdevice".

2. This will take forever, since /dev/random blocks if not sufficient
entropy is available, and only fill up at a rate of about 1 KB/s.

3. Without a 'sync' at the end, the last block might not be written in case
of a hard crash.

4. Why a blocksize of only 1 MB, and why not write it as "1m"?

As standing above, it would rather take 117.3 years.

However, I can't follow your calculation either. If you write to all disks
simultanously (damn, add a '&'!), at a rate of 40 MB/s, it would take
roughly 2 hours.

Simply said, it's an out-dated idea with concepts that don't apply any more.
Unless you're required to do it, don't do it.

 

The cost of the effort exceeds the value of the disks
shred them and be done.

Otherwise wipe them individually.

raid is about preserving data not destroying it.