On 2014-01-20, at 13:35, R.S. wrote: > > And what about n-times overwrite policies? What number is proper? Does one > need to overwrite disk content once, twice, 3 times, 7 times or 21 times? > What's the magic number? And what is the reason for the number? > For example from:
http://www.fsl.cs.sunysb.edu/docs/secdel/ 2.3 Overwrite Data Many Times Years ago it was shown that there is a chance that even after the data is overwritten, it can potentially be recovered [15]. Many experts believe that unless one can overwrite the data numerous times, that it is not worth to overwrite it even once [9]. Nothing could be further from the truth. Even the government’s own NIST and NISPOM standards for secure deletion of top-secret files call for overwriting no more than three-times [8, 23]; and, for most users, a single overwrite will suffice and greatly enhance security. In particular, one overwrite will make any software-based data recovery impossible. Thus, hackers who gain privileged access to the system will not be able to recover files deleted from its hard disks. To date, no commercial services are available to recover data that was overwritten even just once [24]. (See original for citations ca. 2005 and earlier.) My suspicion is that it was empirical. Someone working with RAID/virtual disks which don't really overwrite in place observed that data were still recoverable from original, non-overwritten sectors. But a sufficient number of overwrites would suffice to overwrite the real backing store. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN