Subject: Re: securely erasing a hard disk
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 10/21/2005 13:46:00

> |    unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
> |    which make it clear that the standard does not and can not apply to the
> |    erasure of individual files, in particular requirements relating to spare
> |    sector management for an entire magnetic disk.  Because these
> |    requirements are not met, the -P option does not conform to the standard.


Further discussion of these kinds of issues can also be found in The
NetBSD Guide, in the chapter on the cgd(4) driver used for disk
encryption.  In particular:

 http://www.netbsd.org/guide/en/chap-cgd.html#chap-cgd-overview-why

 discusses the issue of spare sector management potentially leaving
 copies of data un-erased, and a way to manage this risk, and

 http://www.netbsd.org/guide/en/chap-cgd.html#chap-cgd-example-scrubbing

 provides an example that can be used to wipe the data.

Personally, I prefer to scrub all new disks several times using this
mechanism (rekeying randomly each iteration).  Not because I'm
concerned about preservation of the first image written, but because
this is a good way to exercise the disk surface with 'random'
patterns, and give the sparing mechanisms a chance to detect or remap
marginal or bad sectors *before* I entrust them with real data.

--
Dan.
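
An added example, not part of the original message or of The NetBSD Guide: a sketch of the multi-pass scrub described above, attaching the partition through cgd(4) under a fresh random key on each pass. The device names, the aes-cbc 128 parameters, the pass count and the DRY_RUN switch are assumptions of this sketch; with DRY_RUN unset it only prints the commands.

```shell
#!/bin/sh
# Added example: multi-pass cgd(4) scrub with a fresh random key per pass.
# Device names, cipher, pass count and DRY_RUN are assumptions of this sketch.

# Print a command; execute it only when DRY_RUN=0 (the default just prints).
run() {
    echo "+ $*"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

# scrub_disk PASSES CGD PARTITION RAW_CGD
#   e.g. scrub_disk 3 cgd0 /dev/wd0e /dev/rcgd0d   (placeholder names)
scrub_disk() {
    passes=$1 cgd=$2 part=$3 raw=$4
    case $passes in
        ''|*[!0-9]*) echo "passes must be a positive integer" >&2; return 2 ;;
    esac
    [ "$passes" -ge 1 ] || { echo "passes must be >= 1" >&2; return 2; }
    [ -n "$cgd" ] && [ -n "$part" ] && [ -n "$raw" ] || {
        echo "usage: scrub_disk PASSES CGD PARTITION RAW_CGD" >&2; return 2; }

    pass=1
    while [ "$pass" -le "$passes" ]; do
        echo "# pass $pass of $passes"
        # -s takes the key from stdin: 128 bits of /dev/urandom that are never
        # stored, so each pass lays down a different ciphertext pattern.
        run cgdconfig -s "$cgd" "$part" aes-cbc 128 < /dev/urandom || return 1
        # Zeros written through the cgd reach the platters as ciphertext.
        # dd normally stops with an error at the end of the device, so its
        # exit status is not treated as a failure here.
        run dd if=/dev/zero of="$raw" bs=32k || true
        # Detach so the next pass can attach with a new key.
        run cgdconfig -u "$cgd" || return 1
        pass=$((pass + 1))
    done
}

# Run only when called with the four arguments; otherwise just define functions.
if [ "$#" -eq 4 ]; then
    scrub_disk "$@"
fi
```

Review the printed plan first; setting DRY_RUN=0 overwrites everything on the named partition.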
