Re: [Fed-Talk] secure empty trash DOD approved?
- Subject: Re: [Fed-Talk] secure empty trash DOD approved?
- From: "Shawn A. Geddis" <email@hidden>
- Date: Mon, 25 Feb 2008 12:00:07 -0500
On Feb 22, 2008, at 4:38 PM, Allan Marcus wrote:
> Hello,
> Can anyone tell me (and point to documentation) if the Secure Empty Trash feature in Tiger and Leopard is DoD 5220.22-M compliant? I see the documentation on Apple's web site that talks about Disk Utilities erase options, but not Secure Empty Trash or the "srm" command.
> I need to document a procedure for Mac OS X to securely handle a sanitation. If you have a procedure that you can post or send me, please let me know.
Allan,
As you noted: Mac OS X 10.4: About Disk Utility's secure erase options
Additionally:
The man page on 'srm' specifically for option "-m" reads as follows:
    -m, --medium
        overwrite the file with 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)
Also: which is the same as...
The man page for 'diskutil' specifically for option 'secureErase' reads as follows:
    secureErase [freespace] level device
        Securely erase a disk or freespace on a mounted volume. Ownership of the affected disk is required. Level should be one of the following:
            o 1 - Single pass randomly erase the disk.
            o 2 - US DoD 7 pass secure erase.
            o 3 - Gutmann algorithm 35 pass secure erase.
Tiger Security Guides also cover 'srm' and 'diskutil' for secure erase. For example, starting on pg 127 of the Tiger Server Security Guide.
- Shawn
_____________________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
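The seven-pass sequence quoted from the srm man page in the message above, written out as an added Python illustration; it is not code from the original message, from srm, or from Apple. It overwrites a file in place with those pass values and syncs each pass before the next; the function names, the `observer` hook and the chunk size are assumptions, and an in-place overwrite only reaches the original blocks on storage that rewrites data in place.

```python
import os
import secrets
import tempfile

# Pass schedule as quoted from the srm man page for -m / --medium.
# None stands for a pass of random data.
MEDIUM_PASSES = (0xF6, 0x00, 0xFF, None, 0x00, 0xFF, None)
CHUNK = 64 * 1024  # assumed write size; not taken from srm


def pass_data(value, length):
    """Return `length` bytes for one pass: a fixed byte or random data."""
    return secrets.token_bytes(length) if value is None else bytes([value]) * length


def overwrite_file(path, passes=MEDIUM_PASSES, observer=None):
    """Overwrite `path` in place once per pass, then unlink it.

    `observer(pass_index, content)` is a hypothetical hook that lets a caller
    check what the file holds after each pass. Returns the number of passes.
    """
    size = os.path.getsize(path)
    # Open without O_TRUNC so the existing length is overwritten, not discarded.
    fd = os.open(path, os.O_WRONLY)
    try:
        for index, value in enumerate(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                chunk = pass_data(value, min(CHUNK, remaining))
                remaining -= os.write(fd, chunk)  # tolerate short writes
            os.fsync(fd)  # flush this pass to the device before the next one
            if observer is not None:
                with open(path, "rb") as check:
                    observer(index, check.read())
    finally:
        os.close(fd)
    os.unlink(path)
    return len(passes)


if __name__ == "__main__":
    # Constructed sample file standing in for a document to be sanitized.
    handle, sample = tempfile.mkstemp()
    os.write(handle, b"constructed sample data\n" * 1000)
    os.close(handle)
    print(overwrite_file(sample), "passes; still exists:", os.path.exists(sample))
```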