From: baldwin@LAT.COM (Bob Baldwin)
To: cypherpunks@toad.com
Message Hash: 5f4efe69a2d2f8706daee7f02549788f6e3b5ba3466168d2c6c8232f167d9136
Message ID: <9310011853.AA10783@LAT.COM>
Reply To: N/A
UTC Datetime: 1993-10-01 19:03:38 UTC
Raw Date: Fri, 1 Oct 93 12:03:38 PDT
From: baldwin@LAT.COM (Bob Baldwin)
Date: Fri, 1 Oct 93 12:03:38 PDT
To: cypherpunks@toad.com
Subject: Media declassification
Message-ID: <9310011853.AA10783@LAT.COM>
MIME-Version: 1.0
Content-Type: text/plain
Eric Townsend writes:
> The US Gov policy for the disposal of any media that has been used to
> store classified data is:
> wipe -- demagnatize with a *massive* demag unit
> grind -- toss in a thing that'd make ground chuck out of godzilla
> incenerate -- at some amazingly high temperature.
> The media is treated as if it had classified data until after step #3.
In addition to degaussing, crushing, and incenerating
classified disks, the US Government has approved a number of software
systems that overwrite the media with ones and zeros. Different agencies
have different rules and defense contractors have to obey the rules of
the agency that they are servicing. The NSA and DOE require four
passes over the data with the patterns 0x00, 0x55, 0xAA, and 0x41 (these
are hex byte values). The last value is the Ascii letter 'A', which
is then verified by spot checking. This pattern flips each bit at least
once after setting all bits to zero.
With a scanning electron microscope it is possible to pick up
fringe regions of the magnetic domains and reconstruct the last dozen
or so values for a particular domain. This result means that if a
disk has really sensitive information, and it is leaving the secure
facility (i.e., not just being re-used for another project, or being
transfered to another secure location), then the four-pass overwrite
program must be run at least three times.
There are also low-level considerations. The main one is that
the disk head must be wiggled back and forth as it moves along the
disk to vary the alignment between the head and the track to maximize
the erasure of outlying magetic domains. If the head is simply stepped
from track to track, all tracks will miss the same outlying domains
because the head stepping error rate (e.g., 2% off true alignment in
the inbound direction) tends to remain constant as the head moves
inward.
Another low-level consideration is to be sure to erase all
the data surfaces including sector headers, bad blocks, alternate
cylinders, disk label regions, and sectors reserved for holding
redundant copies of the disk geometry information or the disk controller
microcode. All this requires going below the operating system to
directly issue SCSI or IDE disk commands.
LAT sells the only overwrite program that has been approved
for Unix platforms.
--Bob
----------------------------------------------------------------------
Director of Development Our mission is to provide
Los Altos Technologies, Inc. the best solutions to our
Voice: 415/988-4848 customers' key computer
Fax: 415/988-4860 security problems while
email: baldwin@lat.com increasing their productivity.
----------------------------------------------------------------------
Return to October 1993
Return to “baldwin@LAT.COM (Bob Baldwin)”
1993-10-01 (Fri, 1 Oct 93 12:03:38 PDT) - Media declassification - baldwin@LAT.COM (Bob Baldwin)