DoD Harddrive Secure Erase Wipe

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
DoD Harddrive Secure Erase Wipe

I have a project which I need to DoD harddrives for the company. I
have large raid-scsi enclosure which I can use.

I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
drive (IBM EXP300 / 3531-1RU) units.

What are my options?

I was thinking about doing following.

1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda
bs=1048576; done

Use the random bits into drive 7 times.
I think with  14 x 36GB scsi in raid5 setup would take approximately
18 x 7pass = 5 days.
This is pretty bad.

2. I could setup stripped version of gentoo with proper raid
controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive.

I've got a question, does anyone have working knowledge of DoD5200.28-
STD & DoD5200.22-M? I need to know how it's supposed to work, then I
could just write simple c program to erase drive instead of relying on
other tools for speed.
I need fastest solution available.


Re: DoD Harddrive Secure Erase Wipe

Quoted text here. Click to load it

As best I understand, there -are- no "simple" programs that do DoD
approved wipes. Multiple passes with random data is not enough:
you have to ensure that you get at all the spared sectors and at
any left-over data clusters that don't happen to fit clusters with
the current sector length. You mentioned RAID, and RAID tends to
use sector lengths a little above 512, so if there was ever a time
when an individual drive was formated for use outside of the RAID,
the left-over clusters could occur (and if you are working to DoD
specs then you had best assume that the drives might have had
different uses before they made it to the present RAID.)

Quoted text here. Click to load it

Hardware destruction such as triggered thermite, or an
artificial EMP. Oh, and consider only writing encrypted data on
to the RAID in the first place (including only using encrypted

If you really *need* DoD level wiping, then you will have a
contact either within your company or within the DoD who will
guide you through the requirements. Counting on anything that *I*
say on the matter could be a serious mistake: after all, I might
work for a foreign government and thus have an interest in ensuring
that your wipe is *not* thorough.

(And as a matter of fact, I do work for a foreign government...)

Re: DoD Harddrive Secure Erase Wipe

oktokie schrieb:
Quoted text here. Click to load it
Use commercial software, or search for a company, who wipes onsite.
Wiping of HDDs with a special standard is not only writing some pattern
onto the Disks. It also includes e.g. reporting of sucessfull /
unsucessfull wiping, detection of bad or remapped sectors, processing
these parts etc.

If you need more info or contacts, please PM to me, with indication of
your contry / address.

bye Christoph

Quoted text here. Click to load it
Quoted text here. Click to load it

Re: DoD Harddrive Secure Erase Wipe

On Wed, 2 Apr 2008, in the Usenet newsgroup, in article
oktokie wrote:

NOTE: Posting from (or some web-forums) dramatically
reduces the chance of your post being seen.  Find a real news server.

Quoted text here. Click to load it

"need to" or "want to" - If you are required by a DoD contract to wipe
the drives, talk to your Contracting Officer, and do _EXACTLY_ what
the officer requires.    If you want to scrub the drives for some
reason, it's going to be a lot simpler to destroy the drive media.
Drives are cheap, your time isn't.

Quoted text here. Click to load it

man random     and then find a dictionary and look up the word "entropy".

Quoted text here. Click to load it

That is one shitload of entropy - are you using an external noise
generator to create it?    Or do you think your built-in random
number generator is infinitely fast and endless?

Quoted text here. Click to load it

Sounds imaginative - but you are better served by opening up each drive,
removing the platters, and physically destroying them, which means down
to a blob of slag, or a bag full of dust particles (none of which are
larger than one half the width of an individual track).  If you take
the platters out, chuck a bunch of them using a large nut and bolt into
a drill-press, and then take a file to the stack as it's spinning, do
remember to wear eye protection at the very least, as the platter MAY
shatter (many are now built on a ceramic substrate).

Quoted text here. Click to load it

Repeating - if you have a government requirement to sanitize the drives,
then you follow EXACTLY what the Contracting Officer tells you to do. No
exceptions.       If this is NOT a government requirement, then simply
physically destroy the media.  If all you are trying to do is destroy
the evidence to keep your ass out of jail, make a single pass on each
drive writing zeros (/dev/zero) and a second pass writing ones (/dev/one)
and while that is taking several hours to complete, look in the New York
area telephone book and look in the Yellow Pages under "Computers - Data
Recovery" as most of those companies also offer data destruction services
as well.    Or you _could_ use the search engine you are posting from...

Quoted text here. Click to load it

Physically destroy the media.

        Old guy

Re: DoD Harddrive Secure Erase Wipe

oktokie wrote:

Quoted text here. Click to load it
Sorry, i had not read this.
You are talking about 36GB, this is scrap.
Wiping with software is senseless.
Destroying will be the quickest and cheapest.
In our process we would degauss an shredder them, no reuse.


Quoted text here. Click to load it

Site Timeline