Default username: admin

Default passphrase: clarawipe

Login information can be modified in Settings, under the Technicians tab. Select the user and modify the credentials as desired.

ClaraWipe removes all traces of data from each device it interacts with. Free data erasure utilities are not recommended since they cannot guarantee complete data erasure, cannot detect or erase solid state drives, do not provide a secure audit trail, and do not provide serialized data sanitization reports.

These fundamental details are required to pass audits and meet regulatory compliance.

The DoD 5220.22-M is a data erasure standard which was published in the National Industrial Security Program’s Operating Manual in 1995, but was retired by the Department of Defense in 2005, yet is still widely used commercially.

Pass 1: 1 pass of zeros with verification of the write

Pass 2: 1 pass of ones with verification of the write

Pass 3: 1 pass of cryptographic erase(random data) and verification of the write

As of the last revision of the DoD 5220.22-M in 2007, ATA Secure Erase commands are not required. Since ATA Secure Erase Commands are required to purge all data from SSDs, this standard is no longer recommended by the Department of Defense. However, the current standard the NIST 800.88 does require both Cryptographic Erase and ATA Secure Erase commands when supported by the hardware.

Clarabyte exceeds all international standards by utilizing ATA Secure Erase protocols with each pass type, ensuring that all data across all drive and device types are fully erased.

National Institute of Standards and Technology - Special Publication 800-88, Revision 1

Published on February 5th, 2015 by Andrew R. Regenscheid, Larry Feldman, and Gregory A. Witte as a guideline for media sanitization. The intention of this document is to “assist organizations and system owners in making practical sanitization decisions based one the categorization of confidentiality of their information. Media Sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. Information disposition and sanitization decisions occur throughout the information system life cycle.”

There are several different methods used to sanitize media; Clear, Purge, and Destroy.

Each drive type has specific supported firmware commands. ClaraWipe Pro is compliant with both the NIST Clear and Purge (NIST SP 800-88r1).

ClaraWipe Pro has been built to exceed the highest international standards by always utilizing firmware level ATA Secure Erase commands, defaulting to the NIST requirements for drive sanitization, verifying successful overwriting, and producing serialized and tamper-proof reporting for a secure audit trail.

Running a ClaraWipe Pro erasure report will render all data on a drive forensically unrecoverable.

The HMG IS5 is a Brittish software based sanitization method used to remove data from hard drives.

HMG IS5 Baseline: Pass 1 - Pass of zeros.

Pass 2 - Pass of random data with verification.

HMG IS5 Enhanced: Pass 1 - Pass of zeros.

Pass 2 - Pass of ones.

Pass 3 - Pass of random data with verification.

The CSEC ITSG-06 is a Brittish software based sanitization method to remove data from hard drives.

Pass 1 - Pass of ones or zeros.

Pass 2 - Pass of the complement of the previously written character.

Pass 3 - Pass of random data with verification.

ClaraWipe Pro has been built to exceed the highest international standards by always utilizing the firmware level ATA Secure Erase commands, defaulting to the most stringent standards for drive sanitization, verifying successful overwriting, and producing serialized and tamper-proof reporting for a secure audit trail.

Running a ClaraWipe Pro erasure report will render all data on a drive forensically unrecoverable.

See: “When attempting to boot into ClaraWipe, the screen went black and never turned back on.”

The Host Protected Area (HPA) refers to an area on a hard drive or solid state drive that is not accessible by the user, BIOS, or operating system. The Device Configuration Overlay (DCO) is also not usually accessible to the user, BIOS, or operating system. These areas are created for multiple reasons:

HPA:

USed by a vendor to store necessary files to perform a factory reset or a backup of the computer’s operating system.

Diagnostics software or other utilities may be store here.

DCO:

Used by vendors so drives of various capacities may be purchased in an installation, usually from more than one manufacturer, yet need to have uniform drive sizes to maintain consistency.

These areas are vulnerable because malware or other malicious data can hide here to avoid detection. It’s important to sanitize the entire drive to eliminate the risk.

Licenses are purchased at license.clarabyte.com. Each instance of ClaraWipe Pro has a unique Identification Code under the LICENSES tab, after making the desired purchase amount use Product Key to update the ClaraWipe instance. For security reasons ClaraWipe Pro never connects to the internet.

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Settings on the left side.

3. Select LICENSES on the top bar.

4. Select the “+” button on the bottom right.

5. A modal will appear, use the Identification Code on the https://license.clarabyte.com site, create or log into account, make purchase amount, a Product Key will be produced.

6. Enter Product Key from the purchase to update ClaraWipe Pro instance, select REDEEM to update software. Licenses will be automatically added.

7. See “How do you provision ClaraWipe Pro USB keys, export licenses, reclaim licenses, and import report data?” to distribute licenses to multiple ClaraWipe Pro instances.

Here is a quick set of instructions for downloading and mounting ClaraWipe Pro to a USB key. It’s recommended that you use at least a 16GB USB 3.0. Please note, if you have any remaining licenses on the key you’re updating, they will be erased by overwriting new data to that drive.

Use the download link sent via email.

To write the download file to disk, use Etcher. Download the verison for your OS here, otherwise each download has an Etcher download for Mac, Windows, and Linux.

Etcher is easy to use. Select the IMG file from the folder you extracted it to. Then select the USB drive where you would like to write the image. Select Flash! The process will take approximately 15-30 minutes, depending on hardware. After it completes, your ClaraWipe Pro USB will be ready for boot.

ClaraWipe is built for efficiency and flexibility. Additional ClaraWipe Pro USB keys may be provisioned from the host machine. This provides the user with the ability to directly interact with machines without network boot capabilities or for multi-site data erasure.

A dedicated host machine should be chosen . Not only will the host machine be used to deploy the ClaraWipe software across the network via PXE boot, this machine will be used to provision new ClaraWipe Pro USB keys or to import data from erasure reports or hardware reports. Each successful erasure or hardware report will be saved to the ClaraWipe Pro USB drive which initiated the report.

Once a successful erasure or hardware report has been finalized with the provisioned ClaraWipe Pro USB, power off the machine, and unplug the drive. That drive may be inserted into the host machine to import data into a combined report. The key can be used for any number of reports for any number of clients, provided enough licenses are exported to the provisioned ClaraWipe Pro USB.

PROVISIONING:

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select USB Drives on the left side.

3. In addition to the USB drive used to boot into ClaraWipe, insert an additional USB drive to create a new instance of ClaraWipe. (minimum recommended specs - 8GB USB 3.0)

4. Click on the provisioning icon on the far right of the desired USB drive. (looks like a box with an arrow pointing into it)

5. The drive will be shown on it’s own page and the PROVISION button will start the process. (All data on the new USB will be overwritten, including other instances. Make sure to reclaim all licenses before starting the provisioning process, if possible)

6. The application will be halted during this process and it can take upwards of 30 minutes. Any 8GB or larger USB 3.0 drive is recommended for speed and reliability. Once the drive is finished you will be able to add licenses, or import data from it which will allow all reports saved on the USB to be merged into the host machine.

Exporting Licenses:

1. To export licenses to a ClaraWipe Pro USB, enter the USB Drives tab on the far left.

2. Select the dive you would like to add licenses to.

3. Enter the desired number of licenses to be transferred.

Reclaiming Licenses:

1. To reclaim licenses, enter the USB Drives tab on the far left, then select the ClaraWipe Pro USB you would like to reclaim licenses from.

2. Click on RECLAIM ALL LICENSES, all licenses on the ClaraWipe Pro USB will be transferred to the local machine’s ClaraWipe Pro instance (USB or SSD).

3. Licenses will be automatically updated on the host machine.

Importing Report Data:

1. Similar in process to Reclaiming Licenses. All reports may be exported to the host machine from the USB Drives tab.

2. Select the ClaraWipe Pro USB drive you would like to import data from.

3. Click on IMPORT DATA. This will take a few moments, afterward you will be able to view any imported reports in Previous Reports.

• • CD
  • USB
  • PXE
  • EXE

Boot the desired machine to the BIOS. Each device will require a different key press to activate this setting. Power on the system. As soon as the first logo screen appears, immediately press the appropriate key to view the BIOS (Check with your hardware manufacture to see which key should be used - common keys are ESC/F2/F12, etc)

Make sure to use always powered on USB ports (lightning bolt symbol)

ClaraWipe has been designed for multi-platform use across all machines. Running ClaraWipe required booting from desired medium (CD, USB, PXE) instead of normal OS.

Reboot your computer.

Press the appropriate key to view the BIOS. Check with your hardware manufacturer to see which key should be used.

Disable Secure boot may be necessary. (See “How to Disable Secure Boot” or view the ReadMe in your ClaraWipe Pro download ZIP file)

Save Change and Reboot.

You will see the Clarabyte logo with a loading indicator. Depending on the machine, it may take a few minutes to boot. If the machine enters a sleep state, see the ReadMe view the “When attempting to boot into ClaraWipe, the screen went black and never turned back on”, or quick press the power button.

If the USB is not being recognized by the BIOS, it may be necessary to enable Legacy Boot or UEFI Boot Mode in order to start ClaraWipe. Within the BIOS, there will be a setting to toggle between Legacy Boot and UEFI. See “How do I enable Legacy/UEFI Boot?”

Note: The common shortcut key to save and exit is F10. Although, the exact steps depend on the PC make and model , but generally navigating with the arrow keys will let you reach the options of “discard changes and exit” vs “save changes and exit”. Make sure you choose “save and exit”. The keyboard shortcut F10 is often synonymous with “save and exit” but you should make sure before using it.

boot. In order to fully erase the HPA and DCO sectors of a hard drive, ClaraWipe briefly suspends the machine to reset this Security Freeze. Some hardware cannot be woken up from the suspension programmatically and will require the use to wake the machine by quick pressing the power button. If ClaraWipe shows a blank screen and the machine indicates a suspended state, pressing the power button will wake the machine to continue the boot process. A suspended state can usually be shown with a pulsing power light or separate LED indicator.

Further explanation:

Most BIOS’s are set to send an ATA security freeze command to all drives when staring the machine. This is a security measure to stop potential attackers from locking your drive or erasing your data. In order to completely erase all data on a drive, this security freeze need to be unfrozen. A drive requires a complete power cycle while the machine is still running in order to disable this freeze. This way the settings are cleared and the BIOS doesn’t resend the command while the machine is running. The ideal method, the method we use, is to put the computer into sleep (ACPI power state S3) and wake it automatically. This will power cycle the drives and unfreeze them. The much more difficult manual way is to physically disconnect the drives while the computer is running and then plug them back in. We do not recommend this method ever, as there is ample opportunity to ruin your hardware permanently.

If the USB is not being recognized by the BIOS, it is necessary to enable Legacy Boot or UEFI Boot Mode in order to start ClaraWipe.

Immediately after powering on your PC, as soon as the manufacturer logo shows up on your BIOS splash screen, you will have the option to press a special key. This key changes from PC to PC. (esc, F9, F12, etc.)

Once inside the UEFI setup and configuration section, you’ll be presented with a number of options and parameters that can be configured for the firmware environment. The option you’re looking for has many names which depends on the PC and EFI firmware. Some possible names include:

• • Legacy Support (On/Off or Enabled/Disabled)
  • Boot Device Control
  • Legacy CSM (On/Off or Enabled/Disabled)
  • Launch CSM (On/Off or Enabled/Disabled)
  • CSM (On/Off or Enabled/Disabled)
  • UEFI/Legacy Boot (Both/Legacy Only/UEFI Only)
  • Boot Mode (Legacy Support/No Legacy Support)
  • Boot Option Filter (UEFI and Legacy First/Legacy First/Legacy Only/UEFI Only)
  • UEFI/Legacy Boot Priority (UEFI First/Legacy First/Legacy Only/UEFI Only)

In order for the changes to the Secure Boot Configuration to take effect, the BIOS/EFI/UEFI configuration options must be saved. The common keyboard shortcut to save and exit is F10.

Secure Boot is a feature in the BIOS and is used in new 64-bit computers with Windows 8 and above. It is designed to stop unsigned bootloaders for security reasons. Therefore, it is not possible to boot the computer from a CD or USB drive, unless the option is disabled.

Note: Because GPT partitions require mandatory UEFI, Windows may not boot after disabling secure boot. Remember to change the BIOS settings back to their defaults after erasure.

Restart the computer.

Press the appropriate key to enter the BIOS (usually F2 or F10, check with your manufacturer).

Find the Secure Boot setting, and if possible, set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab.

Save the changes and Exit the BIOS.

Some laptops require ClaraWipe to be plugged into the Always-On port. These ports are usually indicated by a lightning bolt symbol. If your machine shows the Clarabyte logo on boot, but hangs on a blank screen afterwards, double check to make sure you are using an Always-ON port.

Note: The Always-On ports are sometimes necessary because most BIOS’s send a Security Freeze command to installed SATA drives on a machine. ClaraWipe uses a special technique to unfreeze drives by sending the machine into ACPI C3 power state. The low-power state can cause USB ports on some machines to lose power and interrupt the boot process.

Hardware Requirements:

ClaraWipe is very flexible and can be run in a number of configurations. From a USB that is used to erase just one computer, to a server with hundreds of drives and network connected machines. This section will split up the requirements into two sections. Absolute minimum requirements to run ClaraWipe on any machine and recommended specifications for running a server with many disks connected directly to the ClaraWipe machine.

Minimum Requirements:

• • Intel Pentium 4, AMD Athlon XP or later processer
  • 512 MB RAM
  • VGA capable of 1024x768 resolution
  • At least 1 available USB port

Recommended Spefications:

Server Specs

• • Rack Mounted
  • 2+ Intel Xeon 12 core CPU
  • 16GB RAM (or more)
  • 4x PCI Express 3.0 slots (or greater)
  • Dedicated Graphics Card
  • 4x SAS 3 JBOD compatible expander controller cards
  • 4x SAS/SATA 24-drive expanders

This setup will allow 96 drives to be erased during one report, if your requirements are less, reduce the number of controller cards and expanders. It is possible to control more than one expander from a single controller card, but the controller card becomes a bottleneck and this results in reduced throughput overall. We recommend SAS 3 for the greatest speeds.

Note: It is imperative to use JBOD compatible controller cards when using a SAS expander.

Expanders are arrays of disks connected to the ClaraWipe machine. These arrays can be vastly different in size and configuration. This setting allows ClaraWipe to correctly display each disk location in your specific expander.

Note: (This section will only apply to a machine with expanders connected. While expander configuration is not necessary for complete erasure, it will allow you to physically locate drives with ease.)

To determine the direction and orientation of your expander, you can locate this information in the documentation for the expander. Otherwise, this can be determined physically on the unit. Each connector should be labeled with the origin starting in one of the corners.

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Setting on the left side.

3. Select EXPANDERS on the top bar.

4. Select the expander to configure.

5. A window will appear, this will allow you to change the rows and columns of your expander, to select the origin, and select the direction the expander orders drives. Once you select the number of rows and columns, the origin can be selected by clicking one of the highlighted corners.

6. The corner selected will then present two directions, the expander will start from the corner you selected and continue in the direction chosen.

7. The expander will now show the bay numbers as chosen. To save these settings click SAVE.

A report of the connected drives that have undergone ClaraWipe erasure. All data storage mediums on a device connected to a device will be recognized and erased when running an erasure report. Creating a Client and a Technician is required to run a report.

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Settings on the left side.

3. Select CLIENTS on the top bar.

4. Select the “+” button on the bottom right.

5. A modal will appear, modify as desired and SAVE.

6. Select TECHNICIANS on the top bar.

7. Select the “+” button on the bottom right.

8. A modal will appear, modify as desired and SAVE.

9. Otherwise, technician information may be selected from the list and modified.

10. Select New Report from the left side, choose Erasure Report.

11. Enter Client name in the Select a Client search bar.

12. Enter unique Report ID if desired.

13. Select desired Security Standard from the drop down menu.

14. Select START at the bottom right.

Customizing reports is easy, follow these steps:

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Settings on the left side.

3. Select REPORTING on the top bar.

4. Select the “+” button on the bottom right.

5. A modal will appear, you can modify or add any field for both Machines and Drives. To save these settings click SAVE.

A report that gathers the specifications of the connected machines, without drive erasure. Creating a Client and a Technician is required to run a report.

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Settings on the left side.

3. Select CLIENTS on the top bar.

4. Select the “+” button on the bottom right.

5. A modal will appear, modify as desired and SAVE.

6. Select TECHNICIANS on the top bar.

7. Select the “+” button on the bottom right.

8. A modal will appear, modify as desired and SAVE.

9. Otherwise, technician information may be selected from the list and modified.

10. Select New Report from the left side, choose Hardware Report.

11. Enter Client name in the Select a Client search bar.

12. Enter unique Report ID if desired.

13. Select START at the bottom right.

Both Erasure and Hardware reports may be saved and exported as XLSX or PDF. All you have to do is Finalize report, select the Floppy Disk icon on the upper right and choose desired file type.

See “How do you provision ClaraWipe Pro USB keys, export licenses, reclaim licenses, and import report data?” to import reports.

All reports are saved on the ClaraWipe Pro instance and may be viewed at any time under the Previous Reports section on the left side.

The update process for ClaraWipe is designed for completely offline updating. An update file will be delivered electronically or on a USB key. This file must be transferred to a USB key if not already, and then the USB key will be plugged into the machine running ClaraWipe.

Note: ClaraWipe will not be usable while updating. Immediately following this process, the machine will restart. It will then be updated and ready to use.

1. When the USB containing the update file is connected to the machine, a navigation option for Upgrade will appear at the lower left, under Settings.

2. Click Upgrade.

3. The application will tell you what version is on the USB key that you will be upgrading to. Click Upgrade to continue.

4. You will be shown a warning statement that after completing the upgrade, the machine will restart. Select continue when you are ready to start the upgrade process.

5. The upgrade process will take a few minutes and you will see a progress screen. The application will be unusable while this process is underway. Once it is completed the machine will shut down. Power on the machine and boot into your newly upgraded ClaraWipe Pro instance.

An admin user has full user privileges, while the technician is restricted for security reasons.

Admin:

• • Purchase licenses
  • Distribute licenses
  • Provision USBs
  • Start Erasure Reports
  • Start Hardware Reports
  • Save Reports
  • Modify User Settings

Technician:

• • Start Erasure Reports
  • Start Hardware Reports
  • Save Reports

ClaraWipe exceeds all international standards by providing absolute data erasure, regardless of drive type. This is done by utilizing on-board ATA secure erase protocols, custom overwrite patterns which include the option for a truly random overwrite pass, and verification of successful erasure.

1. Log into ClaraWipe. (default username: admin default passphrase: clarawipe)

2. Select Settings on the left side.

3. Select STANDARDS on the top bar.

4. Notice the default standards, the NIST 800.88 is the most current U.S. Government standard for data erasure.

5. To create a custom security standard select the “+” button on the bottom right.

6. Create a title and choose the desired number of passes and pass type.

7. SAVE.

8. This custom Security Standard will now be a selectable option before starting an Erasure Report.

Adminstrator – A designated person that has access to purchasing licenses, provisioning ClaraWipe Pro USB’s, has access to ClaraWipe, and can modify all settings on a ClaraWipe installation.

ATA Secure Erase - Data sanitation for a Solid State Drive is performed through a combination of overwrite patterns and Secure Erase Commands. When an ATA Secure Erase command is issued to the controller on the SSD, all cells in the drive release their stored electrons, which restores the drive to factory settings and write performance. Only using overwrite patterns on SSDs is ineffective due to bad blocks and wear leveling. ClaraWipe uses secure erase commands in addition to custom overwriting patterns for complete data erasure.

BIOS – A set of computer instructions in firmware that control input and output operations.

BIOS Lock -

ClaraWipe – The data destruction software in the Clarabyte suite of tools.

Crytograhic Erase -

Data Destruction – The process of destroying data stored on hard disks so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.

Data Forensics – A process that may involve many different tasks, such as data recovery or data tracking.

Device Logs - ClaraWipe appregates the technical specifications from each device for accountability and increasing potential resale value.

Expander – An attachment on a server to add extra hard disks. ClaraWipe can utilize an expander to perform data destruction on loose hard disks.

Host Machine – The main or controlling computer connected to other computers to which is provides data or computing services via a network.

Identification Key – A unique identifier for a machine that is used when redeeming licenses.

Licenses – Licenses are used for each successful hard disk erasure and each machine through a hardware report.

Network Boot – The process of booting a computer form a network rather than a local drive.

Origin – The slot on the expander where the device begins numbering disks. Each expander has a unique path which is important for locating specific hard disks once the ClaraWipe report has completed.

PDF – A file format that provides an electronic image of text or text and graphics that looks like a printed document and can be viewed, printed, and electronically transmitted.

Product Key – A specific software-based key used when purchasing licenses through https://license.clarabyte.com

Provisioning – the process of creating a ClaraWipe Pro USB and assigning licenses to those keys.

PXE – Preboot Execution Environment – An industry standard client/server interface that allows networked computers that are not yet loaded with an operating system to be configured and booted remotely by an administrator.

Remote Machine – A computer connected to the network other than the computer which a user is currently using.

Sanitation – See Data Destruction

Security Freeze Lock -

Security Standards – The standards used when performing data destruction. Each standard may require a various number of passes, order of passes, verification, and potentially validation. A ClaraWipe administrator may create custom standards before a report is started.

Technician – A user that has access to ClaraWipe. This user can perform data destruction reports and hardware reports.

USB – Universal Serial Bus – A common interface that enables communication between devices and a host controller such as a personal computer (PC).

Validation – The action of checking or proving the validity for successful erasure. This is done through Clarabyte’s stand alone validation utility, ClaraCheck.

Verification -

XLSX – A file extension for an open XML spreadsheet file format used by Microsoft Excel.

ClaraWipe meets and exceeds the following national and international standards.

General Data Protection Regulation (GDPR) -

Sarbanes-Oxley (SOx) - Must keep both paper and electronic records for 5 years.

HIPAA & HITECH - Clearing, Purging, and Destroying. Documentation is required.

The Fair and Accurate Credit Transactions Act of 2003 (FACTA) - Requires that any financial institutions properly dispose of data that contains consumer information.

CSEC ITSG-06 - Three overwrites (1 or 0, it’s complement, Random)

Payment Card Industry Data Security Standard (PCI DSS) - Verify that card holder information is rendered unrecoverable via a secure wipe program in accordance with industry standard, or physically destroyed.

Personal Information Protection and Electronic Documents Act (PIPEDA) - Irreversibly destroy media, including copies and backups.

EU data protection directive of 1995 - Any data “by which an individual can be identified” is the sole responsibility of the controller. Anyone who touches or has access to your data, wherever they are based, is responsible in the case of a data breach.

HMG/CESG CPA SC v2-1 - (1’s, 0’s, Random)

Gramm-Leach-Bliley Act (GLBA) - A federal law to control the ways that financial institutions deal with private information of their customers such as names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. It requires financial institutions to ensure the security and confidentiality of this type of information.

California Senate Bill 1386 - A California law requiring a business that owns or licenses computerized ‘personal information’ to disclose any breach of security.

Standard Single Pass - One overwrite (0’s)

DoD 5220.22-M - Three overwrites with one verification (0’s, 1’s, Random)

HMG IS5 Baseline - One overwrite with verification (0’s)

HMG IS5 Enhanced - Three overwrites with verification (0’s, 1’s, Random)

Canadian OPS-II - Seven overwrites with verification (0’s)

Canadian CSEC ITSG-06 - Three overwrites with single end verification

US Army AR380-19 - Three overwrites with single end verification

US AFSSI 5020 - Three overwrites with single end verification

US AFSSI 8580 - Eighteen overwrites

German VSITR - Seven overwrites and verify

NAVSO P-5239-26 - Three overwrites with verification

NCSC-TG-025 - Three overwrites with verification

Russian GOST P50739-95 version 2 - One overwrite (Random)

Australian DSD ACSI-33 (XO-PD) - Three overwrites with two verifications

Secure Erase - 1 overwrite with verification

NNSA NAP 15.1-C - Two overwrites with single end verification (0’s and 1’s)

BSI-2011-VS - Two overwrites with two verifications

Peter Gutmann - 35 passes (4 random, 27 complex, 4 random)