Lee Winter wrote:
[snip]
Jumping
into that discussion, here is evidence that this is not possible
with modern drives:
http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432
No, that it not evidence. It is an opinion; possibly a very informed
opinion. But security issues often require a skeptical perspective.
In this case an expert's statement that he does not know how to
retrieve info from a drive is abolutely worthless in determining
whether anyone else knows how to retrieve info from a drive.
[snip]
That will work up to the value of the information being
secured. But once the value of the information reaches an upper limit
then it becomes worthwhile for people to use more sophisticated
techniques, and overwriting with a constant pattern becomes worthless.
There is a recently revised NIST standard for securing information. It
says very little -- propably because the US givernment has an interest
in lowering other entities security. The previous versions of that
standard were a lot more informative and useful.
BTW, no sensible person ever said that 35 passes were necessary and/or
useful. A well-informed and well-intentioned expert answered a silly
question and his answer boils down to the (valid) claim that it is not
possible for any drive to require more than 35 passes. The total of 35
was obtained by summing all of the possible overwrite techniques for
all possible drive/recording technologies. After that many
non-sensible people claimed that 35 passes was the ne-plus-ultra in
disk scribbing, which claim is both invalid and stupid.
Lee Winter
NP Engineering
Nashua, New Hampshire
Not a fan of Peter Guttman, I take it. He is pretty well known in the
fields of computer security and data deletion. Here is a link to his
paper.
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Chris
|