Comments (5)
I think the original question has been answered (to the best of my abilities). Closing the issue. Please feel free to re-open if there's any other follow up questions.
from lethe.
Which technique are you referring to?
According to this document, Lethe should be compatible with NIST Clear protocol. Their simplest suggested method of overwriting with static low-entropy data seems very unsecure. I couldn't find the actual recommended schemes (I found multiple in different sources to be precise), but I think DoD 5220.22-M
(supported by Lethe) follows the best practices of NIST Clear and is probably the best generic method, especially for SSDs. The level of partial sanitization should be pretty low.
Let me know if you have a better source of information on the exact schemes. Adding more schemes to Lethe is generally not a problem, even if they stages are interconnected, as I found in some of the sources. But from my previous research, I don't think more patterns will significantly increase sanitization quality. I was thinking of adding a method to help with plausible deniability but that's another thing.
The next level, NIST Purge, relies on ATA commands, like Secure Erase. As I mentioned in README, this is not yet supported and adding it is not trivial.
from lethe.
Thanks y a lot for the details. Below is the link for the NIST document that I was referring to.
https://www.bitraser.com/article/use-nist-hard-drive-erasure.php
Have a look on the link I shared and please share your further thoughts on it.
from lethe.
What I'm getting from the document is the NIST clear is like simple write All 0's to the drive or can increase the passes but 1 is suffix.
But for NIST Purge there are 4 methods, 1 is overwrite EXT command to write with pseudorandom pattern with 3 passes by inverting the 2nd pattern of the original one.
2nd is SECURE ERASE UNIT command (which is supported by some SSD's) and then cryptographics erase etc, My point is if we achieve the first one method in NIST PURGE then It will be officialy suppor the NIST PURGE right?
from lethe.
Thanks for the link, it seems to match what I found as well.
I think NIST Clear is bad for protecting sensitive data but it's good for device re-usability. Lethe supports this method but that's about it.
For NIST Purge, my understanding is that all these overwrites should be performed by sending ATA EXT commands to the controller, not using general use writes (however tuned). The benefits are: all available blocks can be overwritten and a single pass should be pretty much enough. So, again, a device can be re-used afterwards.
Lethe is not compliant with any of that yet and follows a different approach. The driving factors were:
- True cross-platform support
- Data protection is more important than re-usability of devices (i.e. it should be good enough for lab analysis)
There's a conflict there because going this low-level (as suggested by NIST Purge protocol) on all platforms is (likely) going to be very difficult. So, Lethe tries really hard to get to this level with generally available APIs (by removing cache layers, using direct memory, using crypto random to cover more blocks, etc.) but for SSDs it's still not as good as properly implemented NIST Purge. A poorly implemented NIST Purge protocol is going to be worse than what Lethe does though, as explained by the document you mentioned.
But that's how I see it. I would love to hear an opinion from somebody who's really involved in security and these standards.
from lethe.
Related Issues (20)
- Unmount volumes before wiping
- Add configurable retries
- Skip bad blocks HOT 1
- Request elevated privileges using application manifest
- Simplify updates
- Lethe list is not listing disks/partition on macOS Big Sur
- Lethe list is not listing disks/partition on macOS Big Sur HOT 6
- Make the app available from homebrew
- Make the app available from linux package managers
- How to build the exe for 32 bit (x86) architecutre? HOT 6
- How to wipe multiple external drives? HOT 4
- Verification failed HOT 7
- Migrate to Github Actions
- How can I use this app on the Windows? HOT 2
- How to add customized verification? HOT 1
- Extra storage properties
- Setup CI/releases
- Benchmark
- Empirical block size selection
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lethe.