
Comments (5)

Kostassoid commented on May 30, 2024

I think the original question has been answered (to the best of my abilities). Closing the issue. Please feel free to re-open if there are any other follow-up questions.

from lethe.

Kostassoid commented on May 30, 2024

Which technique are you referring to?

According to this document, Lethe should be compatible with the NIST Clear protocol. Their simplest suggested method of overwriting with static low-entropy data seems very insecure. I couldn't find the actual recommended schemes (I found multiple in different sources to be precise), but I think DoD 5220.22-M (supported by Lethe) follows the best practices of NIST Clear and is probably the best generic method, especially for SSDs. The level of partial sanitization should be pretty low.

Let me know if you have a better source of information on the exact schemes. Adding more schemes to Lethe is generally not a problem, even if the stages are interconnected, as I found in some of the sources. But from my previous research, I don't think more patterns will significantly increase sanitization quality. I was thinking of adding a method to help with plausible deniability but that's another thing.

The next level, NIST Purge, relies on ATA commands, like Secure Erase. As I mentioned in the README, this is not yet supported and adding it is not trivial.

from lethe.

shadowwalkersteam commented on May 30, 2024

Thanks a lot for the details. Below is the link for the NIST document that I was referring to.
https://www.bitraser.com/article/use-nist-hard-drive-erasure.php

Have a look at the link I shared and please share your further thoughts on it.

from lethe.

shadowwalkersteam commented on May 30, 2024

What I'm getting from the document is that NIST Clear is like a simple write of all 0's to the drive, or the passes can be increased, but 1 is sufficient.
But for NIST Purge there are 4 methods. The 1st is the overwrite EXT command, which writes a pseudorandom pattern in 3 passes, with the 2nd pass inverting the original pattern.
The 2nd is the SECURE ERASE UNIT command (which is supported by some SSDs), and then cryptographic erase, etc. My point is: if we achieve the first method in NIST Purge, then it will officially support NIST Purge, right?

from lethe.

Kostassoid commented on May 30, 2024

Thanks for the link, it seems to match what I found as well.
I think NIST Clear is bad for protecting sensitive data but it's good for device re-usability. Lethe supports this method but that's about it.

For NIST Purge, my understanding is that all these overwrites should be performed by sending ATA EXT commands to the controller, not using general use writes (however tuned). The benefits are: all available blocks can be overwritten and a single pass should be pretty much enough. So, again, a device can be re-used afterwards.

Lethe is not compliant with any of that yet and follows a different approach. The driving factors were:

  • True cross-platform support
  • Data protection is more important than re-usability of devices (i.e. it should be good enough for lab analysis)

There's a conflict there because going this low-level (as suggested by the NIST Purge protocol) on all platforms is (likely) going to be very difficult. So, Lethe tries really hard to get to this level with generally available APIs (by removing cache layers, using direct memory, using crypto random to cover more blocks, etc.) but for SSDs it's still not as good as a properly implemented NIST Purge. A poorly implemented NIST Purge protocol is going to be worse than what Lethe does though, as explained by the document you mentioned.

But that's how I see it. I would love to hear an opinion from somebody who's really involved in security and these standards.

from lethe.
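
An added example, not Lethe's code and not written by anyone in this thread: the overwrite passes discussed above (a single pass of zeros, and a three-pass pattern / inverted pattern / random sequence), each followed by a read-back check. It runs against a regular file standing in for a device; the scheme names, chunk size and seed pattern are assumptions, and these are ordinary host-level writes, not the ATA commands the thread associates with NIST Purge.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # bytes per write call (value chosen for this demo)
SCHEMES = {"single_zero": ["zeros"],  # hypothetical names, modelled on the thread
           "three_pass": ["pattern", "inverse", "random"]}

def chunk_bytes(kind, n, seed):
    """Build n bytes of fill data for one chunk of the given pass kind."""
    if kind == "random":
        return os.urandom(n)  # OS cryptographic random source
    tile = {"zeros": b"\x00", "pattern": seed,
            "inverse": bytes(b ^ 0xFF for b in seed)}[kind]  # KeyError if unknown
    return (tile * (n // len(tile) + 1))[:n]

def run_pass(path, kind, seed):
    """Overwrite the whole file once, flush to disk, then verify by read-back."""
    written, readback = hashlib.sha256(), hashlib.sha256()
    left = os.path.getsize(path)
    with open(path, "r+b") as f:
        while left:
            buf = chunk_bytes(kind, min(CHUNK, left), seed)
            f.write(buf)
            written.update(buf)
            left -= len(buf)
        f.flush()
        os.fsync(f.fileno())  # push data past the OS write cache
    # This read may be served from the page cache; a real tool would bypass it.
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(CHUNK), b""):
            readback.update(buf)
    return written.digest() == readback.digest()

def sanitize(path, scheme, seed=b"\x55\xaa\x92\x49"):
    """Run every pass of a scheme; return [(pass kind, verified), ...]."""
    return [(kind, run_pass(path, kind, seed)) for kind in SCHEMES[scheme]]

def demo():
    """Wipe a constructed temp file; return (results, marker still present)."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"secret-record;" * 10000)  # constructed sample data
        results = sanitize(path, "three_pass")
        with open(path, "rb") as f:
            return results, b"secret-record" in f.read()
    finally:
        os.remove(path)
```

A passing read-back only shows that the addressable range holds the last pass; it says nothing about blocks the host cannot address, which is the gap the thread attributes to general-purpose writes on SSDs.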
