Subject: Re: securely erasing a hard disk
To: Thor Lancelot Simon <email@example.com>
From: Daniel Carosone <firstname.lastname@example.org>
Date: 10/21/2005 13:46:00
Content-Type: text/plain; charset=us-ascii
> | unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
> | which make it clear that the standard does not and can not apply to the
> | erasure of individual files, in particular requirements relating to spare
> | sector management for an entire magnetic disk. Because these
> | requirements are not met, the -P option does not conform to the standard.
Further discussion of these kinds of issues can also be found in The
NetBSD Guide, in the chapter on the cgd(4) driver used for disk
encryption. In particular:
discusses the issue of spare sector management potentially leaving
copies of data un-erased, and a way to manage this risk, and
provides an example that can be used to wipe the data.
Personally, I prefer to scrub all new disks several times using this
mechanism (rekeying randomly each iteration). Not because I'm
concerned about preservation of the first image written, but because
this is a good way to exercise the disk surface with 'random'
patterns, and give the sparing mechanisms a chance to detect or remap
marginal or bad sectors *before* I entrust them with real data.