DoD Harddrive Secure Erase Wipe

Discussion in 'Computer Security' started by oktokie, Apr 3, 2008.

  1. oktokie

    oktokie Guest

    DoD Harddrive Secure Erase Wipe

    I have a project which I need to DoD harddrives for the company. I
    have large raid-scsi enclosure which I can use.

    I have access to Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
    ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
    drive (IBM EXP300 / 3531-1RU) units.

    What are my options?

    I was thinking about doing the following.

    1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda
    bs=1048576; done

    Use the random bits into drive 7 times.
    I think with 14 x 36GB scsi in raid5 setup would take approximately
    18 x 7pass = 5 days.
    This is pretty bad.

    2. I could set up a stripped version of Gentoo with the proper raid
    controller driver (here IBM ServeRaid 4Mx) and run DBAN from the boot drive.

    I've got a question, does anyone have working knowledge of DoD5200.28-
    STD & DoD5200.22-M? I need to know how it's supposed to work, then I
    could just write simple c program to erase drive instead of relying on
    other tools for speed.
    I need fastest solution available.

    Thanks.
     
    oktokie, Apr 3, 2008
    #1

  2. From: "oktokie" <>

    | DoD Harddrive Secure Erase Wipe
    |
    | I have a project which I need to DoD harddrives for the company. I
    | have large raid-scsi enclosure which I can use.
    |
    | I have access to Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
    | ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
    | drive (IBM EXP300 / 3531-1RU) units.
    |
    | What are my options?
    |
    | I was thinking about doing the following.
    |
    | 1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda
    | bs=1048576; done
    |
    | Use the random bits into drive 7 times.
    | I think with 14 x 36GB scsi in raid5 setup would take approximately
    | 18 x 7pass = 5 days.
    | This is pretty bad.
    |
    | 2. I could set up a stripped version of Gentoo with the proper raid
    | controller driver (here IBM ServeRaid 4Mx) and run DBAN from the boot drive.
    |
    | I've got a question, does anyone have working knowledge of DoD5200.28-
    | STD & DoD5200.22-M? I need to know how it's supposed to work, then I
    | could just write simple c program to erase drive instead of relying on
    | other tools for speed.
    | I need fastest solution available.
    |
    | Thanks.

    Based upon a memo by Linton Wells II on the sanitization of non-classified hard disks,
    circa June '01...

    You have to write a bit pattern such as: 11110000
    Then its complement such as: 00001111
    Then another pattern such as: 01010101
    Which has to be repeated 6 times.

    "Sanitization is not complete until all six passes of the three cycles are completed".
     
    David H. Lipman, Apr 3, 2008
    #2

  3. Sebastian G.

    Sebastian G. Guest


    Wow, just four obvious problems...

    1. the syntax is "if=$inputdevice".

    2. This will take forever, since /dev/random blocks if not sufficient
    entropy is available, and only fills up at a rate of about 1 KB/s.

    3. Without a 'sync' at the end, the last block might not be written in case
    of a hard crash.

    4. Why a blocksize of only 1 MB, and why not write it as "1m"?

    As standing above, it would rather take 117.3 years. :)

    However, I can't follow your calculation either. If you write to all disks
    simultaneously (damn, add a '&'!), at a rate of 40 MB/s, it would take
    roughly 2 hours.

    Simply said, it's an out-dated idea with concepts that don't apply any more.
    Unless you're required to do it, don't do it.
     
    Sebastian G., Apr 3, 2008
    #3
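
An added example, not code from any poster in this thread: the pattern, complement, second-pattern overwrite described in post #2, with the `sync` and the parallel `&` jobs raised in post #3. The function names, the cycle-count parameter and the read-back check are assumptions of this example, and it writes fixed bytes rather than reading /dev/random.

```shell
#!/bin/sh
# Added example; wipe_pass, wipe_cycles and wipe_many are hypothetical names.
# Patterns are the ones quoted in post #2, written as octal byte values:
#   11110000 = \360, its complement 00001111 = \017, 01010101 = \125

# One pass: fill the first SIZE bytes of TARGET with one byte, flush, verify.
wipe_pass() {
    target=$1; size=$2; pat=$3
    # A fixed-byte stream never blocks the way /dev/random does.
    head -c "$size" /dev/zero | LC_ALL=C tr '\000' "\\$pat" |
        dd of="$target" bs=1048576 conv=notrunc 2>/dev/null || return 1
    sync    # push the last block out before checking it
    # Read back and delete the expected byte; any byte left over is a mismatch.
    leftover=$(head -c "$size" "$target" | LC_ALL=C tr -d "\\$pat" | wc -c)
    [ "$leftover" -eq 0 ]
}

# CYCLES repetitions of the three-pattern sequence on one target.
wipe_cycles() {
    n=0
    while [ "$n" -lt "$3" ]; do
        for oct in 360 017 125; do
            wipe_pass "$1" "$2" "$oct" || return 1
        done
        n=$((n + 1))
    done
}

# One background job per target, so the drives are written simultaneously.
# Assumes every target has the same SIZE in bytes.
wipe_many() {
    size=$1; cycles=$2; shift 2
    pids=""
    for t in "$@"; do
        wipe_cycles "$t" "$size" "$cycles" &
        pids="$pids $!"
    done
    rc=0
    for p in $pids; do wait "$p" || rc=1; done
    return "$rc"
}
```

The read-back in `wipe_pass` can be served from the page cache, so on real drives a separate re-read after dropping caches or re-attaching the disk is the stronger check.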
  4. Jim Watt

    Jim Watt Guest

    The cost of the effort exceeds the value of the disks;
    shred them and be done.

    Otherwise wipe them individually.

    raid is about preserving data not destroying it.
     
    Jim Watt, Apr 3, 2008
    #4