Re: DoD Harddrive Secure Erase Wipe

oktokie <oktokie@xxxxxxxxx> wrote in news:32bea820-e550-4f70-9f1f-
bf50673a8faf@xxxxxxxxxxxxxxxxxxxxxxxxxxx:

...then I
could just write simple c program to erase drive instead of relying on
other tools for speed.
I need fastest solution available.


I caution against writing your own program unless you have an intimate
understanding of how the hard drive itself handles writes. For instance,
with the large buffers on many current HDs it is quite possible that only
the last write of a series of writes to a given sector micht actually
make it to the platters (depending on how your software is written).
Similarly, it is non-trivial to ensure that any flagged and remapped
sectors (those listed in the G-list and, if you're a paranoid, possibly
even those in the P-list) not be skipped for overwriting lest they
contain sensitive data. Also be sure not to accidentally skip over any
HPA sectors, if present.

I suggest that, in addition to using any roll-your-own erase program, you
use the HD manufacturer's software to invoke the "secure erase" command
that is part of any ATA-spec-compliant modern HD (which is to say, all of
them). It's also *much faster* than block writing.

You may also wish to use the DoD-compliant erasing program HDDerase
http://cmrr.ucsd.edu/people/Hughes/HDDErase.zip from the Center for
Magnetic Recording Research at UCSDhttp://cmrr.ucsd.edu/

In fact, lingering there to do a little reading might be helpful :-)

As for me, I don't believe in erasing and recycling drives if they're to
go out of house - I believe in destroying them. I note that DoD 522.22M
requires physical destruction the magnetic disks for data above
"secret." So I take the "roach motel" approach with HDs: "drives check
in but they don't check out."

HDs are cheap, it takes much care and time to erase them properly, and
risks and liabilities are large if there's a ***-up (procedural ***-ups
are quite common which vitiates the hoped-for protection of even the best
erasure software :-)

Regards,

PS Most SCSI drives do not natively support a "secure erase" command
equivalent to that in ATA drives (the command is *optional* in the SCSI
spec and no drives currently implement it).

PPS For better control of the process, consider such (very expensive)
solutions as the "Digatal Shredder"
http://www.deadondemand.com/products/digitalshredder/

.