On 17/01/2014 08:19, Robert Collins wrote: > On 16 January 2014 03:31, Alan Kavanagh <[email protected]> wrote: >> Hi fellow OpenStackers >> >> >> >> Does anyone have any recommendations on open source tools for disk >> erasure/data destruction software. I have so far looked at DBAN and disk >> scrubber and was wondering if ironic team have some better recommendations? > > So for Ironic this is a moderately low priority thing right now - and > certainly I think it should be optional (what the default is is a > different discussion). > > It's low priority because there are -so- many other concerns about > sharing bare metal machines between tenants that don't have > comprehensive mutual trust, that it's really not viable today (even on > relatively recent platforms IMNSHO). > > -Rob > >
For all but the most paranoid of applications a single pass overwrite is enough to ensure that all data is securely removed from a magnetic disk. There is some truth to the claim that data can still be read after a re-write, the technique is known as magnetic force microscopy (https://www.usenix.org/legacy/publications/library/proceedings/sec96/full_papers/gutmann/index.html), it's an incredibly expensive method of data recovery, used only by a few organisations most of which I assume are intelligence agencies. A single pass overwrite is fine for wiping the contents of a disk beyond all reasonable means of recovery. If you're trying to protect your data from recovery by intelligence agencies with access to the hardware, there are probably a lot of more important things you need to do to secure your data before you try to work out how many deban-re-writes you want. SSD's are more complicated because they have wear-leveling controllers that spread data out in ways that mean you can't necessarily guarantee that every block will get written during an overwrite. If you'd like a more detailed answer I'm sure the folks in the OSSG would be happy to help: [email protected] Cheers -Rob _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
