(OT) Multiple hard drive wipe utilities question...

I should clarify that I was talking about true physically simultaneous
writing to multiple drives. A program can erase multiple drives
simultaneously, but it may be quite S-L-O-W if they are on the same disk
controller. In fact, it may be MUCH faster to erase the drives one at a
time than to do a supposedly simultaneous erase.


Barry Watzman wrote:
NO program run on the computer can necessarily write to drives in
parallel, because the disk controller cannot necessarily write to drives
in parallel (for example, a master and slave drive on the same IDE
channel cannot be written to in parallel; at any given time you can only
access one drive or the other, they are both on the same controller and
even the same cable).

That's where using a command internal to the drive has an advantage; you
tell the drive to wipe itself, and while the operation may then take a
long time, everything happens within the drive. No further interaction
with the controller (the IDE or SATA or even SCSI controller) is required.

That doesn't mean that any given program using the "wipe drive" command
will necessarily support doing multiple drives in parallel, but it's at
least conceptually possible. However, doing it through the controller
may be literally impossible, unless each drive is on a totally separate
controller and is using bus mastering DMA.


S.Lewis wrote:

I've got DBAN, but again I don't believe it will wipe drives in
parallel, only sequentially. I'll have another look at their readme....

Don't need it for USB or 1394, thankfully.

"Barry Watzman" wrote in message ...
Actually, there is a better way to do this that is fully DOD approved.

For the past several years, almost all IDE hard drives have had an
INTERNAL TO THE DRIVE "wipe the entire drive" command...

For those that are interested in reading about the subject, there are
some documents up at the advocate's/developer's page:

http://cmrr.ucsd.edu/Hughes/SecureErase.html

I would urge people to read the materials very carefully.

Having the drive itself perform the wiping would surely seem to have
clear advantages (the ability to wipe areas which aren't accessible to
host software and the ability to write in the optimal way for wiping).
Oddly, the (rather strong) push seems to be for fixed/fast solutions
rather than flexible solutions which would appeal to a wider range
of users. If the DoD or for that matter Joe User demands 3 passes
or 7 or 42... why fight it? How hard could it be to make the cmd
accept some params?

On Jul 19, 10:14 pm, Barry Watzman wrote:
I should clarify that I was talking about true physically simultaneous
writing to multiple drives. A program can erase multiple drives
simultaneously, but it may be quite S-L-O-W if they are on the same disk
controller. In fact, it may be MUCH faster to erase the drives one at a
time than to do a supposedly simultaneous erase.

Barry Watzman wrote:
NO program run on the computer can necessarily write to drives in
parallel, because the disk controller cannot necessarily write to drives
in parallel (for example, a master and slave drive on the same IDE
channel cannot be written to in parallel; at any given time you can only
access one drive or the other, they are both on the same controller and
even the same cable).

That's where using a command internal to the drive has an advantage; you
tell the drive to wipe itself, and while the operation may then take a
long time, everything happens within the drive. No further interaction
with the controller (the IDE or SATA or even SCSI controller) is required.

That doesn't mean that any given program using the "wipe drive" command
will necessarily support doing multiple drives in parallel, but it's at
least conceptually possible. However, doing it through the controller
may be literally impossible, unless each drive is on a totally separate
controller and is using bus mastering DMA.

S.Lewis wrote:

I've got DBAN, but again I don't believe it will wipe drives in
parallel, only sequentially. I'll have another look at their readme....

Don't need it for USB or 1394, thankfully.

As drive wiping is a major concern of my employer, I've spent
considerable time testing various wiping solutions.

Speaking from experience with DBAN. Doing 2 drives on separate
channels is not half as fast per drive. In fact the individual wiping
rate only suffers by a few percentage points. It suffers much more in
a master/slave config.

The tipping point, on one drive per channel with DBAN on IDE seems to
be around 4-6 drives per machine. (Achieved with PCI IDE controllers).
After which the wiping rate really starts to suffer.

You are gaining a lot with DBAN to use it in parallel.

My understanding is that the drive internal wipe command is more secure
than external commands and is DOD approved. The drive, internally,
knows exactly what type of actual encoding is used on the platter
surfaces and is able to optimize the wipe data pattern for "maximum
destruction" of the data. This information is not easily available
externally and varies both from manufacturer to manufacturer and even
from model to model in drives made the same manufacturer.

(Indeed, because of the changing diameter, circumference and bit density
from the inside to the outside tracks of a drive, a given drive could,
at least in theory, use different encoding schemes on different tracks
(cylinders). Again, the drive itself knows how it works internally, but
these details are not truly available once you are outside the drive and
trying to perform a wipe through "normal" read/write commands).


Sudohnim wrote:

"Barry Watzman" wrote in message
...
Actually, there is a better way to do this that is fully DOD approved.

For the past several years, almost all IDE hard drives have had an
INTERNAL TO THE DRIVE "wipe the entire drive" command...

For those that are interested in reading about the subject, there are
some documents up at the advocate's/developer's page:

http://cmrr.ucsd.edu/Hughes/SecureErase.html

I would urge people to read the materials very carefully.

Having the drive itself perform the wiping would surely seem to have
clear advantages (the ability to wipe areas which aren't accessible to
host software and the ability to write in the optimal way for wiping).
Oddly, the (rather strong) push seems to be for fixed/fast solutions
rather than flexible solutions which would appeal to a wider range
of users. If the DoD or for that matter Joe User demands 3 passes
or 7 or 42... why fight it? How hard could it be to make the cmd
accept some params?

As you note, "on separate channels".

Most computers have only two channels, and many recent motherboards have
only a single IDE channel. Further, even if two channels exist, it's
not a given that two drives installed in the same computer are actually
on two separate channels.


wrote:

As drive wiping is a major concern of my employer, I've spent
considerable time testing various wiping solutions.

Speaking from experience with DBAN. Doing 2 drives on separate
channels is not half as fast per drive. In fact the individual wiping
rate only suffers by a few percentage points. It suffers much more in
a master/slave config.

The tipping point, on one drive per channel with DBAN on IDE seems to
be around 4-6 drives per machine. (Achieved with PCI IDE controllers).
After which the wiping rate really starts to suffer.

You are gaining a lot with DBAN to use it in parallel.

At a cost of $25, if HDDerase does the job as advertised, it is a relative
bargain. I've downloaded it, and I'll try it. If I like it and use it
regularly on IDE and SATA drives, I'll pay the $25 willingly.

SCSI, in all its shades and gradations, remains uncovered by HDDerase, so I'll
have to continue with DBAN.

Nice that these folks have done free or low-cost implementations of software for
which the blissfully ignorant pay big bucks... Ben Myers

On Thu, 19 Jul 2007 18:01:21 -0700, " wrote:

On Jul 19, 5:38 pm, "S.Lewis" wrote:
wrote in message

oups.com...



On Jul 19, 7:11 am, Barry Watzman wrote:
Actually, there is a better way to do this that is fully DOD approved.

For the past several years, almost all IDE hard drives have had an
INTERNAL TO THE DRIVE "wipe the entire drive" command. This wipe is
EXTREMELY secure, and isn't done by the computer that the drive is
connected to, but rather by the drive itself (once the command is
issued).

A professor (Gordon Hughes) at UCSD (Univ. of Calif. San Diego) has
produced a PC program (command line (DOS), I think) that will do such an
erase on a PC, it's called HDDerase and a web search should find it.
There have been a couple of articles on C|Net or Infoworld about this
feature also. The feature has been around for a surprisingly long time,
virtually all IDE and SATA drives have it, but the PC community is
surprisingly ignorant of it.

Yes, most IDE/SATA drives above 15GB or so have it built in. But when
you have to do bulk wiping, especially on older drives, you never know
for sure if it's implemented. And then there is the SCSI issue.

The SCSI issue seems to be the deal breaker, though some external devices
claim to be able to handle all three.

But.....$$$$$$

HDDerase requires a commercial license for non-home use.

http://invent.ucsd.edu/technology/ca...SD2005-815.htm

DBAN is FREE. It works just fine with internal and external SCSI (yes,
and SCA, and fiber channel). USB and 1394 seem to be out. And no zip/
jaz/orb/sparq wiping. For now.

I believe it's free for personal use.


Ben Myers wrote:
At a cost of $25, if HDDerase does the job as advertised, it is a relative
bargain. I've downloaded it, and I'll try it. If I like it and use it
regularly on IDE and SATA drives, I'll pay the $25 willingly.

SCSI, in all its shades and gradations, remains uncovered by HDDerase, so I'll
have to continue with DBAN.

Nice that these folks have done free or low-cost implementations of software for
which the blissfully ignorant pay big bucks... Ben Myers

On Thu, 19 Jul 2007 18:01:21 -0700, " wrote:

On Jul 19, 5:38 pm, "S.Lewis" wrote:
wrote in message

oups.com...



On Jul 19, 7:11 am, Barry Watzman wrote:
Actually, there is a better way to do this that is fully DOD approved.
For the past several years, almost all IDE hard drives have had an
INTERNAL TO THE DRIVE "wipe the entire drive" command. This wipe is
EXTREMELY secure, and isn't done by the computer that the drive is
connected to, but rather by the drive itself (once the command is
issued).
A professor (Gordon Hughes) at UCSD (Univ. of Calif. San Diego) has
produced a PC program (command line (DOS), I think) that will do such an
erase on a PC, it's called HDDerase and a web search should find it.
There have been a couple of articles on C|Net or Infoworld about this
feature also. The feature has been around for a surprisingly long time,
virtually all IDE and SATA drives have it, but the PC community is
surprisingly ignorant of it.
Yes, most IDE/SATA drives above 15GB or so have it built in. But when
you have to do bulk wiping, especially on older drives, you never know
for sure if it's implemented. And then there is the SCSI issue.
The SCSI issue seems to be the deal breaker, though some external devices
claim to be able to handle all three.

But.....$$$$$$
HDDerase requires a commercial license for non-home use.

http://invent.ucsd.edu/technology/ca...SD2005-815.htm

DBAN is FREE. It works just fine with internal and external SCSI (yes,
and SCA, and fiber channel). USB and 1394 seem to be out. And no zip/
jaz/orb/sparq wiping. For now.

Yes, but I actually run a business... Ben Myers

On Fri, 20 Jul 2007 13:24:49 -0400, Barry Watzman
wrote:

I believe it's free for personal use.


Ben Myers wrote:
At a cost of $25, if HDDerase does the job as advertised, it is a relative
bargain. I've downloaded it, and I'll try it. If I like it and use it
regularly on IDE and SATA drives, I'll pay the $25 willingly.

SCSI, in all its shades and gradations, remains uncovered by HDDerase, so I'll
have to continue with DBAN.

Nice that these folks have done free or low-cost implementations of software for
which the blissfully ignorant pay big bucks... Ben Myers

On Thu, 19 Jul 2007 18:01:21 -0700, " wrote:

On Jul 19, 5:38 pm, "S.Lewis" wrote:
wrote in message

oups.com...



On Jul 19, 7:11 am, Barry Watzman wrote:
Actually, there is a better way to do this that is fully DOD approved.
For the past several years, almost all IDE hard drives have had an
INTERNAL TO THE DRIVE "wipe the entire drive" command. This wipe is
EXTREMELY secure, and isn't done by the computer that the drive is
connected to, but rather by the drive itself (once the command is
issued).
A professor (Gordon Hughes) at UCSD (Univ. of Calif. San Diego) has
produced a PC program (command line (DOS), I think) that will do such an
erase on a PC, it's called HDDerase and a web search should find it.
There have been a couple of articles on C|Net or Infoworld about this
feature also. The feature has been around for a surprisingly long time,
virtually all IDE and SATA drives have it, but the PC community is
surprisingly ignorant of it.
Yes, most IDE/SATA drives above 15GB or so have it built in. But when
you have to do bulk wiping, especially on older drives, you never know
for sure if it's implemented. And then there is the SCSI issue.
The SCSI issue seems to be the deal breaker, though some external devices
claim to be able to handle all three.

But.....$$$$$$
HDDerase requires a commercial license for non-home use.

http://invent.ucsd.edu/technology/ca...SD2005-815.htm

DBAN is FREE. It works just fine with internal and external SCSI (yes,
and SCA, and fiber channel). USB and 1394 seem to be out. And no zip/
jaz/orb/sparq wiping. For now.

On Jul 20, 5:42 am, Barry Watzman wrote:
As you note, "on separate channels".

Most computers have only two channels, and many recent motherboards have
only a single IDE channel. Further, even if two channels exist, it's
not a given that two drives installed in the same computer are actually
on two separate channels.

wrote:

As drive wiping is a major concern of my employer, I've spent
considerable time testing various wiping solutions.

Speaking from experience with DBAN. Doing 2 drives on separate
channels is not half as fast per drive. In fact the individual wiping
rate only suffers by a few percentage points. It suffers much more in
a master/slave config.

The tipping point, on one drive per channel with DBAN on IDE seems to
be around 4-6 drives per machine. (Achieved with PCI IDE controllers).
After which the wiping rate really starts to suffer.

You are gaining a lot with DBAN to use it in parallel.

quick note:

DBAN 1.1.0 will support the ATA secure methods, when released.

http://dban.sourceforge.net/beta/

"Barry Watzman" wrote in message ...
My understanding is that the drive internal wipe command is more
secure than external commands and is DOD approved.

I think if you research it you will walk away with a more nuanced
understanding. I've only read enough to get a feel for the subject,
which is frequently poorly described in writing and the standards
seem to be evolving and it seems there may be drive/manufacturer
dependent issues. That's why I said to read things carefully. With
that said I will offer this description with a big grain of salt...

It seems there are two commands: "Secure Erase" & "Enhanced
Secure Erase". Secure Erase is the command that has been widely
supported. It appears to be a single pass write of zeros. Some
things lead me to believe that would be done on all possible areas
including those not accessible to host software. Other things lead
me to believe that only host accessible areas would be overwritten.
That may be a drive dependent thing, I don't know. Apparently
certain problems prevent any/all writing to some areas... be that
internally initiated or externally initiated. Which is a problem for all
wipers and probably one of the reasons why physical destruction
is the only DoD approved methods for sanitizing drives containing
higher security stuff. The CMRR folks seem to be asserting that a
single pass overwrite of zeros translates into random patterns being
laid down on the media and such an approach is highly secure. In
some places the descriptions suggest that additional passes buy you
nothing, however other descriptions (not to mention the fact that
they promote an Enhanced Secure Erase) suggest that they feel it
is merely secure enough... that it would take rare circumstances for
the data to be recoverable without removing the platters and using
special equipment and/or procedures. Which they seem to have
done by the way... recovering some data. I read something about
Secure Erase being approved by NIST for sanitation of only up
to Confidential data. Thus Secure Erase... again, the command
that is currently widely supported... appears iffy for sensitive
stuff.

Secure Erase can be used in conjuction with a drive password to
execute something called "Fast Secure Erase" also called "Fast
Erase" at times. The basic ideas is that the command gets latched
and the drive locked and then should at some point in the future
the drive be unlocked the first thing it must do is complete that
Secure Erase. Which would be usefull for emergency sanitation
situations but that is about it. Well, that and joe blow "want to
do something but don't want to wait for it to actually complete"
situations too I guess.

Enhanced Secure Erase, at least as promoted by CMRR,
appears to involve two passes of writing zeros, off-track and
in opposite directions and all possible areas containing user
data are supposed to be overwritten. This doesn't seem to be
widely supported yet and I'm not sure that exact method was
used in drives which did ship.

In drives supporting full disk encryption, there seems to be yet
another approach.... performing NO wiping passes but simply
changing the drive's key. In one blurb I read, the terms FDE
Secure Erase (FDE-SE) and FDE Enhanced Secure Erase
(FDE E-SE) were intermixed such that it wasn't clear whether
it was a mistake or there actually are two levels. I think there
is just one.

As for what is DoD approved, that would depend on the
specific circumstances, but generally people refer to the three
pass method specified in 5220.22-M (write a character, then
its complement, then a random character). Now I just went to
get you a link to that and ran into something interesting. Here
is an old sanitization matrix:

http://www.zdelete.com/dod.htm

and you can see that only the triple pass is approved for
sanitization and NOT for TS or above. Now then, here is
what appears to be the latest sanitization matrix:

http://www.dss.mil/isp/odaa/document...ion_matrix.pdf

Which says "Effective immediately, DSS will no longer approve
overwriting procedures for the sanitization or downgrading (e.g.
release to lower level classified information controls) of IS
storage devices (e.g., hard drives) used for classified processing."
and now the only options listed for HDs are degaussing and
destruction :-))