On Mon, Sep 29, 2008 at 9:32 PM, Leo Mauler <webgiant@yahoo.com> wrote:
 The government standard is a medium security level application that specifies overwriting a hard drive six times through three iterations. Each iteration consists of two write-passes on a hard drive. The first iteration removes the files over at the drive surface, while the second iteration registers "zeros" on the surface.

What the hell does that even mean? 

"removes the files over at the drive surface"

It sounds like they say to write six times to the drive, with the even-numbered writes being 0s.  I suggested twice that.  So what do they recommend writing on the odd-numbered passes if not (pseudo)random junk?



Back when there was some correspondence between the data sent to the drive and the actual patterns written to disk, one could try to design a sequence of patterns to do a really good job of eliminating the "shadows" of previous writes.  Since every drive potentially uses a different algorithm for the low-level storage, the logical thing to do would be to let the drive itself handle wiping.

Extend the command set to provide a directive to securely wipe a range of sectors on a drive.  The drive would then implement its own method that takes into account the algorithm it uses.  Since the drive has access to samples that are not passed through to the CPU, it would be able to tailor what it writes to what is on that sector, and after a few passes of read/write feedback, get things pretty thoroughly scrambled.  In this instance, the drive would be writing patterns that it never writes to encode data, because it would be deliberately putting flux transitions between the normal locations where they would be located.

Also, when a drive detects that a sector is no longer reliable (even with the error-correction codes it can't read back what it just wrote to that sector), and the sector is taken out of service (substituting a spare sector transparent to the CPU's knowledge), the retired sector should automatically receive this treatment, lest it contain sensitive info that could later be recovered by someone who bypasses the normal redirection.

Drives with this technology could be marketed as having "Secure Deletion" capabilities, and easily command premium prices.  Wouldn't you gladly pay $10 more for a drive that can wipe sectors so well that even the spooks would get nothing out of them?
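
The host-side overwrite scheme discussed above, as an added example that is not part of the original message: three iterations of two passes each, with zeros on the even-numbered passes as the quoted text says, followed by a read-back check. Pseudo-random data on the odd-numbered passes is an assumption (the quoted standard does not say what they contain), and `overwrite` and its helpers are hypothetical names.

```python
import os

CHUNK = 1 << 20                       # write in 1 MiB chunks
O_BINARY = getattr(os, "O_BINARY", 0)  # only defined on Windows


def _write_pass(fd, size, make_chunk):
    """Overwrite bytes [0, size) once, then flush so the pass leaves the page cache."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        buf = make_chunk(n)
        written = 0
        while written < n:            # os.write may write fewer bytes than asked
            written += os.write(fd, buf[written:])
        remaining -= n
    os.fsync(fd)                      # without this, later passes could coalesce in cache


def _all_zero(fd, size):
    """Read the target back and confirm the final pass left only zeros."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(0) != len(data):
            return False
        remaining -= len(data)
    return True


def overwrite(path, iterations=3):
    """Run `iterations` x (random pass, zero pass); return (passes_done, verified)."""
    fd = os.open(path, os.O_RDWR | O_BINARY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        passes = 0
        for _ in range(iterations):
            _write_pass(fd, size, os.urandom)             # odd pass: assumed random
            _write_pass(fd, size, lambda n: b"\x00" * n)  # even pass: zeros
            passes += 2
        return passes, _all_zero(fd, size)
    finally:
        os.close(fd)
```

Writes issued this way only reach sectors the drive still exposes to the host; a sector the drive has retired and remapped is untouched, which is the gap the message describes.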