On 2014-01-20, at 13:35, R.S. wrote:
>
> And what about n-times overwrite policies? What number is proper? Does one
> need to overwrite disk content once, twice, 3 times, 7 times or 21 times?
> What's the magic number? And what is the reason for the number?
>
For example from:
http://www.fsl.cs.sunysb.edu/docs/secdel/
2.3 Overwrite Data Many Times
Years ago it was shown that there is a chance that even after the data is
overwritten, it can potentially be recovered [15]. Many experts believe that
unless one can overwrite the data numerous times, that it is not worth to
overwrite it even once [9]. Nothing could be further from the truth. Even the
government’s own NIST and NISPOM standards for secure deletion of top-secret
files call for overwriting no more than three-times [8, 23]; and, for most
users, a single overwrite will suffice and greatly enhance security. In
particular, one overwrite will make any software-based data recovery
impossible. Thus, hackers who gain privileged access to the system will not be
able to recover files deleted from its hard disks. To date, no commercial
services are available to recover data that was overwritten even just once [24].
(See original for citations ca. 2005 and earlier.)
My suspicion is that it was empirical. Someone working with
RAID/virtual disks which don't really overwrite in place
observed that data were still recoverable from original,
non-overwritten sectors. But a sufficient number of
overwrites would suffice to overwrite the real backing store.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
