Re: Disposal of storage devices/med

Tue, 21 Jan 2014 02:21:02 -0800 

W dniu 2014-01-20 22:44, Paul Gilmartin pisze:

On 2014-01-20, at 13:35, R.S. wrote:

And what about n-times overwrite policies? What number is proper? Does one need 
to overwrite disk content once, twice, 3 times, 7 times or 21 times? What's the 
magic number? And what is the reason for the number?

For example from:

     http://www.fsl.cs.sunysb.edu/docs/secdel/

     2.3        Overwrite Data Many Times
Years ago it was shown that there is a chance that even after the data is 
overwritten, it can potentially be recovered [15]. Many experts believe that 
unless one can overwrite the data numerous times, that it is not worth to 
overwrite it even once [9]. Nothing could be further from the truth. Even the 
government’s own NIST and NISPOM standards for secure deletion of top-secret 
files call for overwriting no more than three-times [8, 23]; and, for most 
users, a single overwrite will suffice and greatly enhance security. In 
particular, one overwrite will make any software-based data recovery 
impossible. Thus, hackers who gain privileged access to the system will not be 
able to recover files deleted from its hard disks. To date, no commercial 
services are available to recover data that was overwritten even just once [24].

(See original for citations ca. 2005 and earlier.)

My suspicion is that it was empirical.  Someone working with
RAID/virtual disks which don't really overwrite in place
observed that data were still recoverable from original,
non-overwritten sectors.  But a sufficient number of
overwrites would suffice to overwrite the real backing store.
1. I did mean DISK overwirte. Not some emulated gismo, especially not dasd arrays like Iceberg/RVA. That's completely different story and - important - it's still not applicable to number of writes. The problem in such arrays is to really overwrite the disks, no matter how many times. It's important to overwirte al least once, but every disk area, each copy. It's more like caution to delete dataset *and* its copies and backups. 
(Disclaimer: spare sectors on HDD is yet another story.)
2. Fun story: some company used special software to overwrite PC HDDs. The number of writes was set to 5. Reason: default was 3, "but we want more security". 3. Regarding possibility rto read *valuable* information overwritten once: Such theoretical possibility assumes one use good microscope and watches single magnetic domain. There is no hidden HDD command like "read deleted info". And now: what is easier: decrypt encrypted content of play with 100000000000000000-element puzzle of domains? 



--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.
mBank S.A. z siedzib w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: [email protected] Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2014 r. kapita zakadowy mBanku S.A. (w caoci wpacony) wynosi 168.696.052 zote. 


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to