[Fed-Talk] Re: Secure Erase...
[Fed-Talk] Re: Secure Erase...
- Subject: [Fed-Talk] Re: Secure Erase...
- From: Allan Marcus <email@hidden>
- Date: Wed, 17 Dec 2008 12:53:26 -0700
There was no misinformation in my past e-mails. As stated below,
according to DOE requirements the final pass has to be a known
pattern, not random (DOE M 205.1-2, ATTACHMENT 4, Overwriting). This
is not a new DOE requirement; DOE and NNSA is just requiring LANL to
comply with all cyber requirements, and this is one that we were not
complying with before.
Another requirement is that the full disk wipe program must report
sectors that could not be wiped. Due to NDA I cannot quote Apple from
my AppleCare ticket (see ticket 327158), but essentially Disk Utility
skips mapped out bad blocks, even for a secure erase. DOE requires
that if a block cannot be wiped, the disk must be destroyed. I don't
even think disk utility reports on such bad blocks. We will probably
use DBAN for your Intel Macs to wipe their disks when needed.
I've corresponded with the developer of SheditX and they might be
adding a DOE standard to their erase options, which will meet our
needs. Also, Disk Scrub <http://sourceforge.net/project/showfiles.php?group_id=153984
> was written at LLNL and also meets our needs, but it a CLI only, so
it's not useful for mass deployment to our GUI using brethren.
Shawn,
I hope this helps you understand the DOE issues.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 17, 2008, at 12:16 PM, Shawn A. Geddis wrote:
To continue to dispel misinformation being stated on this list...
On Dec 17, 2008, at 8:45 AM, Allan Marcus wrote:
We have a similar issue with secure erase. Apple secure file erase
will not meet DOE standards, so we are looking at ShredIt X. I've
spoken with the developer and he will be added a DOE method to the
ways file can be securely deleted.
Since "Secure Empty Trash" uses:
7-Pass Overwrite the file with 7 US DoD COmpliant Passes
(0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)
Since "srm" provides multiple options:
s - Simple Overwrite with a single pass of random data
m - Medium Overwrite the file with 7 US DoD COmpliant Passes
(0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)
z - Zero After overwriting, zero blocks used by file
Since Disk Utility provides multiple options for both "Erase Free
Space" and "Erase Volume":
a) Zero Out
b) 7-Pass Erase
c) 35-Pass Erase
What aspect of this is suddenly no longer acceptable to DOE ?
As for erasing a partition, we are looking at requiring a 7 pass
wipe, then a zero data wipe. The reason for the final wipe is
because DOE requires two wipes with random data then one wipe with
a known pattern. The final known patter allows cyber forensics to
verify the erase.
Therefore, the 7-pass DoD Compliant method exceeds the DOE
requirements and actually meets the requirements of what you are
looking to do.
Again, neither Apple's secure file erase nor the partition erase
allow for this pattern.
I think I have pointed out above that they actually exceed what you
are asking for.
:-( I've opened tickets with Apple tech support to have this
changed, but I'm not hopeful.
Ticket #s ?
- Shawn
_____________________________________________________
Shawn Geddis Security Consulting Engineer Apple Enterprise
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden