On Tue, 26 Feb 2008, in the Usenet newsgroup alt.computer.security, in article
<JrKdndJ_eYM6A1nanZ2dnUVZ_oDinZ2d@comcast.com>, Rick Merrill wrote:

>Moe Trin wrote:

>> I'm not exactly sure how our DOD stuff is handled, as it's not my
>> bailiwick. On the other hand, I'm guessing that about a quarter of the
>> drives here go out for a certified scrub because we're a R&D facility
>> and corporate is rather paranoid about some things. Heck, all of the
>> waste paper trash is shredded, even if it came from the chief cook's
>> office in the employee's cafeteria, just as all hard drives get a 3
>> pass (zeros, ones, "random data") wipe when they are taken out of
>> service. Something like 15 minutes per Gig - big deal, especially
>> when you have several "dedicated" boxes to do the job.

>DOD has a hard drive SHREDDER!

Wonder what classification level it's allowed to. Like I say, I'm not
on the DOD side of the house.

>For you and I (assuming You're not a spy) a single overwite is
>quite enough - to get stuff off it requires extreme measures.

That assumes that the critical piece of data wasn't written to a track
that later developed a "fault" and the drive automagically swapped out
the track for one of the spares. (When the drive swaps out a bad track,
the data is copied to a spare track, the old track is marked unusable,
but that track is not erased - the data is still there though it might
be harder to read than normal.) Functionally, you're probably correct,
and in most cases no one is going to spend the heroic amounts of time
and money to recover the wiped stuff (ignore the obvious lies on TV
shows like "CSI-$CITY"). At work, the rules say a certified scrub for
certain drives, and a simple triple wipe for all others. They have
their reasons, and they are the ones paying for the time/energy to do
the wipe, so why should I do something else?

Old guy