Secure-Erasing Methods


2020/09/16 – Wednesday

Secure-Erasing (Hard-Wiping) Methods

Pseudorandom data: (1 Pass)


The fastest wiping scheme. Your data is overwritten with random data (if you use a
CSPRNG the data is indistinguishable from random noise.)

Aperiodic random overwrite / Random: (1 Pass)


This process overwrites data with a random, instead of static, pattern. Each sector of the
drive will contain different data. This process is completed by verifying the write.

British HMG IS5 (Baseline): (1 Pass)


Used by the British Government, this 1-pass overwrite procedure consists of first writing
a zero and then a random character and repeating. This procedure is completed by
verification.

BSI-GS: (1 Pass)
Defined by the German Federal Office for Information Security, this process begins by
removing hidden drives (HPA / DCO if existing) and overwriting with aperiodic random
data. The next step triggers a firmware-based command dependent on the type of drive.
The last step is to verify the write.

NIST 800-88 Clear: (1 Pass)


The National Institute of Standards and Technology Clear requires the removal of
hidden drives (HPA/DCO, if existing). The data is then overwritten and verified.

NIST 800-88 Purge: (1 Pass)


This method requires the removal of hidden drives (HPA / DCO, if existing). A firmware-
based command is triggered depending on the type of drive, and the last step is to
verify the write.

Russian GOST P50739-95: (2 Passes)


The GOST P50739-95 wiping scheme calls for a single pass of zeroes followed by a single
pass of random data.

Air Force System Security Instruction 5020: (2 Passes)


Originally defined by the United States Air Force, this 2-pass overwrite is completed by
verifying the write.

BSI-GSE: (2 Passes)
The BSI-GSE adds one extra step to the BSI-GS. After the first overwrite, an additional
overwrite with aperiodic random data is added before moving on to the last two steps.

Firmware Based Erasure: (2 Passes)


This Blancco-defined standard is a 2-step process that triggers a firmware command
dependent on the drive type. The last step of the process is to verify the write.


British HMG IS5 (Enhanced): (3 Passes)


British HMG IS5 (Enhanced) is a three-pass overwriting algorithm: first pass – with
zeroes, second pass – with ones and the last pass with random data.

US Army AR380-19: (3 Passes)


AR380-19 is a data wiping scheme specified and published by the U.S. Army. AR380-19
is a three-pass overwriting algorithm: first pass – with random data, second with a random
byte and the third pass with the complement of the 2nd pass.

US Department of Defense DoD 5220.22-M (E): (3 Passes)


DoD 5220.22-M (E) is a three-pass overwriting algorithm: first pass – with zeroes,
second pass – with ones and the last pass – with random data.

US Air Force 5020: (3 Passes)


US Air Force 5020 is a three-pass overwriting algorithm with the first pass being that of a
random byte, followed by two passes of complement data (shifted 8 and 16 bits right
respectively).

CESG CPA – Higher Level: (3 Passes)


The UK government’s National Technical Authority for Information Assurance standard
is a 3-pass process with a verification after each step.

Extended Firmware Based Erasure: (3 Passes)


This Blancco-defined standard adds an overwrite as the first step and then follows the
standard Firmware Based Erasure, making this a 3-step process.

National Computer Security Center (NCSC-TG-025): (3 Passes)


Defined by the US National Security Agency, this 3-pass system includes a verification
after each pass of 0s, 1s and a random character.

Navy Staff Office Publication (NAVSO P-5239-26): (3 Passes)


Published by the US Navy, this 3-pass system uses a specified character (and its
complement) and a random character. The process is completed by verifying the write.

NSA 130-1: (3 Passes)


Defined by the National Security Agency, this method uses a 3-pass overwrite: writes a
random character, writes another random character, and writes a known value. This
process is completed by verifying the write.

OPNAVINST 5239.1A: (3 Passes)


Defined by the US Navy, this process is a 3-pass overwrite: the first pass writes a random
byte and the last two are static overwrites. It is completed by verifying the write.

BSI-2011-VS: (4 Passes)
This 4-pass procedure is the original BSI standard defined by the German Federal Office
for Information Security.

US Department of Defense DoD 5220.22-M(ECE): (7 Passes)


DoD 5220.22-M(ECE) is a seven-pass overwriting algorithm: first, fourth and fifth pass with
a random byte, its 8 right-bit shift complement and 16 right-bit shift complement; second
and sixth passes with zeroes, and third and seventh pass with random data.

Canadian RCMP TSSIT OPS-II: (7 Passes)


RCMP TSSIT OPS-II is a seven-pass overwriting algorithm with three alternating
patterns of zeroes and ones and the last pass – with a random byte.

German VSITR: (7 Passes)


The German standard calls for data to be overwritten with three alternating patterns of
zeroes and ones and in the last pass with random data.

Bruce Schneier’s Algorithm: (7 Passes)


The Bruce Schneier algorithm has seven passes: first pass – with ones, the second
pass – with zeroes and then five times with random data.
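
The pass sequences given above for GOST P50739-95, DoD 5220.22-M (E) and Bruce Schneier's algorithm, written out as an overwrite loop with a read-back check after every pass. This is an added example, not code from any of the cited standards or tools; the function names, the 0xFF byte used for "ones", the per-pass verification and the in-memory buffer standing in for a drive are assumptions of the example.

```python
import hashlib
import io
import os

# Pass schedules as described on this page. A bytes value is a fixed fill;
# None means fresh CSPRNG output. "Ones" is taken as 0xFF (assumption).
SCHEMES = {
    "GOST P50739-95": [b"\x00", None],
    "DoD 5220.22-M (E)": [b"\x00", b"\xff", None],
    "Bruce Schneier": [b"\xff", b"\x00", None, None, None, None, None],
}
CHUNK = 4096  # I/O block size chosen for this example


def _write_pass(target, size, fill):
    """Write one pass over [0, size) and return the SHA-256 of what was sent."""
    sent = hashlib.sha256()
    target.seek(0)
    for offset in range(0, size, CHUNK):
        n = min(CHUNK, size - offset)
        block = os.urandom(n) if fill is None else fill * n
        target.write(block)
        sent.update(block)
    target.flush()
    return sent.digest()


def _read_back(target, size):
    """Re-read [0, size) and return its SHA-256; a short read changes the digest."""
    seen = hashlib.sha256()
    target.seek(0)
    for offset in range(0, size, CHUNK):
        seen.update(target.read(min(CHUNK, size - offset)))
    return seen.digest()


def wipe(target, size, scheme):
    """Run every pass of `scheme`, verifying each one. Returns the pass count."""
    passes = SCHEMES[scheme]
    for number, fill in enumerate(passes, start=1):
        if _write_pass(target, size, fill) != _read_back(target, size):
            raise OSError(f"{scheme}: verification failed on pass {number}")
    return len(passes)


if __name__ == "__main__":
    disk = io.BytesIO(b"secret" * 1000)  # constructed stand-in for a drive
    print(wipe(disk, 6000, "DoD 5220.22-M (E)"), b"secret" in disk.getvalue())
```

An overwrite through logical addresses like this one does not reach HPA / DCO areas, which is why the NIST 800-88 and BSI entries add the removal of hidden areas and a firmware-based command.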

Peter Gutmann's Algorithm: (35 Passes)


The Gutmann method uses a random character, instead of just the zero used in other
techniques, for the first 4 and the last 4 passes, but then uses a complex pattern of
overwriting from Pass 5 through Pass 31. It writes a total of 35 passes.

Cryptographic Erasure (Crypto Erase): (N / A)


This method uses the native command to call a cryptographic erasure, which erases the
encryption key. While the encrypted data remains on the storage device itself, it is
effectively impossible to decrypt, rendering the data unrecoverable. Because this
method uses the native commands as defined by the manufacturer, it is only available if
supported by the drive being erased.

Blancco SSD Erasure: (Proprietary)


Blancco’s multi-phase, proprietary SSD erasure approach utilizes all supported SSD
security protocols. This innovative method includes multiple random overwrites, firmware
level erasure, freeze lock removal and full verification.
