Software version: 5.2.0
All schemes can be performed with an optional verification read-back pass.
Verification can be done after the last overwrite pass or after the first pass (or both). The advantage of first pass verification is that read-back errors will be detected early on in the overwrite procedure, rather than at the end. This may be relevant when performing many overwriting passes of large storage areas.
Hardwipe supports a range of data sanitization schemes in common use throughout government agencies around the world. These are described below, and are listed in order of how long they will typically take to run, from the fastest to the slowest.
This is the simplest scheme and overwrites data in a single pass with zero value bytes.
This scheme overwrites data in a single pass with pseudo-random values.
The RAZER (RAndom-ZERo) schemes are proprietary to Hardwipe, and involve one or more pseudo-random overwrite passes, followed by a final zero write pass.
They are implemented as follows:
The random passes are designed to ensure maximum data destruction where disk compression is utilized, whereas the final pass zeros the storage space, and is useful for virtual disk optimization while leaving no obvious sign that the disk was sanitized.
The RAZER schemes are an advanced feature requiring an upgrade before use.
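The pass structure described above (one or more pseudo-random passes, then a final zero pass) together with first-pass and last-pass read-back verification, as an added Python example; it is not Hardwipe's code, and the function names, the 1 MiB chunk size and the SHA-256 comparison are assumptions made here. It overwrites a regular file in place, where a filesystem or SSD controller may still redirect writes away from the original blocks.

```python
import hashlib
import os

CHUNK = 1 << 20  # 1 MiB I/O unit (assumed value)


def write_pass(f, size, random_fill):
    """Overwrite size bytes from offset 0; return SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if random_fill else bytes(n)
        f.write(block)
        digest.update(block)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # push the pass to the device before any read-back
    return digest.digest()


def read_back(f, size):
    """Re-read the overwritten area and return its SHA-256."""
    # The OS page cache may serve this read; a wiping tool would bypass it.
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        block = f.read(min(CHUNK, remaining))
        if not block:
            break  # short read: the digest will not match
        digest.update(block)
        remaining -= len(block)
    return digest.digest()


def random_then_zero(path, random_passes=1, verify_first=False, verify_last=True):
    """Run random_passes random passes plus one zero pass; return the pass count."""
    size = os.path.getsize(path)
    total = random_passes + 1
    with open(path, "r+b") as f:
        for i in range(total):
            last = i == total - 1
            written = write_pass(f, size, random_fill=not last)
            if (verify_first and i == 0) or (verify_last and last):
                if read_back(f, size) != written:
                    raise OSError(f"read-back mismatch after pass {i + 1}")
    return total
```

With `verify_first=True` a failing device is reported after pass 1 instead of after the final pass, which is the early-detection advantage the verification paragraph describes.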
The GOST R 50739-95 scheme performs 2 overwrite passes, and is implemented as follows:
This scheme was originally defined in the Russian Federation and is sometimes referred to in the West as "GOST P50739-95". Further information is available here.
Hardwipe implements this scheme as follows:
This data sanitization method was originally defined by the US National Industrial Security Program (NISP) in the document DOD 5220.22-M. Use of this scheme with the verification option is equivalent to DOD 5220.22-M(d). When used with last pass verification, this implementation appears to be compliant with the following other schemes: HMG IS5, AFSSI-5020, and NAVSO P-5239-26.
Note. Although the DOD 5220.22-M overwrite scheme originated in the US Department of Defense, it is no longer used by the various members of the CSA.
The VSITR data sanitization method was originally defined by the German Federal Office for Information Security (Bundesamt für Sicherheit), and is implemented in the following way:
When used with last pass verification, this scheme is identical to RCMP TSSIT OPS-II.
The Schneier scheme performs 7 overwrite passes, and is implemented as follows:
The Schneier method was created by Bruce Schneier and appeared in his book "Applied Cryptography: Protocols, Algorithms, and Source Code in C" (ISBN 978-0471128458).
The Gutmann method performs 35 overwrite passes, using specific byte patterns, as follows:
Note. The Gutmann method was originally designed for a different kind of hard disk than is used today and, because of this, its use is probably overkill for modern HDDs. In an epilogue to the original paper, Gutmann himself said that "For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do."