Bugtraq mailing list archives
Re: Putting the "NSA Data Overwrite Standard" Legend to Death...
From: Simple Nomad <thegnome () nmrc org>
Date: Tue, 4 Feb 2003 12:03:02 -0600 (CST)
Jonathan,

When I was developing ncrypt (http://ncrypt.sourceforge.net/) I wanted to include a wiping function for the original plaintext file. I did a lot of searching and found numerous references to NSA or DoD standards, but that particular DoD reference was also as close as I got.

I have implemented Peter Gutmann's recommendations from his 1996 paper "Secure Deletion of Data from Magnetic and Solid-State Memory" (which is at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) as a wiping alternative. This gives you 35 overwrites in a bit pattern designed to thwart advanced recovery efforts. How effective it is remains to be seen (who has the equipment AND knowledge to test it?).

Near as I can tell, if someone says they are doing NSA overwrites, they are full of shit.

In addition, based upon Mr. Gutmann's paper and the fact that it is quite old, one can assume that with advanced forensics the simple 3, 7, or 9 time overwrites that these products are claiming as secure are actually not even close to the level of security they claim. In fact, by following this "glossy brochure" de facto standard, data is not secured from recovery by an advanced recovery effort at all.

Where does the level of security lie? On one end of the spectrum, your kid sister cannot recover the file; on the other end, the big spook agencies can get it no problem. The question is: who can do an advanced recovery effort these days?

-          Simple Nomad           -  negotium   -
-      thegnome () nmrc org       - perambulans -
- thegnome () razor bindview com  - in tenebris -

On Tue, 4 Feb 2003, Jonathan G. Lampe wrote:
> OK, I'm sure this one will start a flame war, but...
>
> I work for a vendor whose products overwrite files when "deleting" them as a way of protecting old data. Lately several customers have been asking for "NSA" or "DoD" standard overwrites, usually with a value of 3, 7 or 9. (Our response to the feature was to more or less let the owner of the product pick the number of overwrites; the obvious tradeoff is more writes = slower disk.)
>
> Anyway, while researching how we wanted to document recommended values for the overwrite feature, I looked into the "DoD" and "NSA" standards.
>
> I was not surprised to see that a "DoD standard" DOES exist:
>
> Government name: DoD 5220.22-M
> A nice summary: http://www.zdelete.com/dod.htm (not my product)
> Some original documents: http://www.dss.mil/isec/nispom.htm
>
> Long story short: 1 overwrite = CLEAR, 3 overwrites = SANITIZED (non-removable rigid disk)
>
> I was surprised, however, to learn that a "NSA standard" DOES NOT exist. I did the usual Google searches and came up with nothing but various sites and postings claiming the standard was anything from 5 to 20 overwrites. Then I called the NSA (1-800-688-6115 - http://www.nsa.gov/isso). The first person I chatted with passed on the question, but the second answered the question in no uncertain terms - NSA is aware of DoD 5220.22-M and DOES NOT have a separate recommendation.
>
> So...could this finally be the end of IT employees casually tossing around the "NSA overwrite standard" - or is there something I'm missing?
>
> Second, where did the number 7 really come from? (It seems to be the leading recommendation out there right now for number of overwrites and is frequently attributed to the NSA.)
>
> - Jonathan Lampe, GCIA, GSNA
> - jonathan.lampe () stdnet com
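The two overwrite schemes the messages above compare, as an added example that is not code from ncrypt or from either poster: a small Python wiper that runs a configurable list of passes over a file, fsyncs and read-back-verifies each pass, then truncates and unlinks. The three-pass sequence (a byte, its complement, then random data) is the common reading of the DoD 5220.22-M "sanitize" level and is an assumption here; the thread only states "3 overwrites = SANITIZED". The 35-pass table is transcribed from Gutmann's 1996 paper (4 random passes, 27 fixed MFM/RLL patterns, 4 random passes), with the 27 fixed passes shuffled as the paper recommends. The names CHUNK, overwrite_file, wipe_file and demo, and the constructed plaintext file the demo wipes, are chosen for this example.

```python
"""Overwrite-based file wiping: DoD-style 3-pass and Gutmann 35-pass schemes
with per-pass read-back verification. Added example; not ncrypt's code."""
import hashlib
import os
import secrets
import tempfile
from typing import Callable, Dict, List, Tuple

Pass = Callable[[int], bytes]   # given a byte count, produce that many bytes
CHUNK = 64 * 1024               # write in chunks so large files are not slurped


def fixed(pattern: bytes) -> Pass:
    """Repeat a 1- or 3-byte pattern to fill a chunk of the requested size."""
    def gen(n: int) -> bytes:
        return (pattern * (n // len(pattern) + 1))[:n]
    return gen


def random_pass(n: int) -> bytes:
    """A fresh CSPRNG stream for every chunk, not a single repeated byte."""
    return secrets.token_bytes(n)


# Assumption (not stated in the thread): the usual 5220.22-M reading of
# "3 overwrites = SANITIZED" is a byte, its complement, then random data.
DOD_3PASS: List[Pass] = [fixed(b"\x00"), fixed(b"\xff"), random_pass]

# Gutmann (1996): 27 fixed patterns aimed at MFM and (1,7)/(2,7) RLL encodings.
_GUTMANN_FIXED: List[bytes] = [b"\x55", b"\xaa", b"\x92\x49\x24",
                               b"\x49\x24\x92", b"\x24\x92\x49"]
_GUTMANN_FIXED += [bytes([b]) for b in range(0x00, 0x100, 0x11)]  # 0x00..0xFF
_GUTMANN_FIXED += [b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49",
                   b"\x6d\xb6\xdb", b"\xb6\xdb\x6d", b"\xdb\x6d\xb6"]


def gutmann_passes() -> List[Pass]:
    """4 random + 27 fixed (shuffled, per the paper) + 4 random = 35 passes."""
    middle = [fixed(p) for p in _GUTMANN_FIXED]
    secrets.SystemRandom().shuffle(middle)
    return [random_pass] * 4 + middle + [random_pass] * 4


def overwrite_file(path: str, passes: List[Pass], verify: bool = True) -> int:
    """Overwrite `path` in place once per pass, fsync each pass, and (if
    verify) read the file back and compare a SHA-256 of what was written.
    Returns the number of passes that completed (and verified)."""
    size = os.path.getsize(path)
    done = 0
    with open(path, "r+b") as f:
        for gen in passes:
            written = hashlib.sha256()
            f.seek(0)
            left = size
            while left:
                buf = gen(min(CHUNK, left))
                f.write(buf)
                written.update(buf)
                left -= len(buf)
            f.flush()
            os.fsync(f.fileno())          # push through the OS cache to the device
            if verify:
                f.seek(0)
                readback = hashlib.sha256()
                for chunk in iter(lambda: f.read(CHUNK), b""):
                    readback.update(chunk)
                if readback.digest() != written.digest():
                    return done           # stop at the first pass that did not land
            done += 1
    return done


def wipe_file(path: str, passes: List[Pass]) -> bool:
    """Run every pass, then truncate and unlink. True only if all passes verified."""
    if overwrite_file(path, passes) != len(passes):
        return False
    with open(path, "r+b") as f:
        f.truncate(0)
        os.fsync(f.fileno())
    os.unlink(path)
    return True


def demo(directory: str = tempfile.gettempdir()) -> Dict[str, Tuple[int, bool, bool]]:
    """Constructed sample: write a plaintext file, wipe it with each scheme,
    and report (pass count, all passes verified, file still exists)."""
    results = {}
    for name, passes in (("dod3", DOD_3PASS), ("gutmann35", gutmann_passes())):
        path = os.path.join(directory, f"plaintext-{name}.txt")
        with open(path, "wb") as f:
            f.write(b"attack at dawn\n" * 10000)   # constructed plaintext, ~150 KiB
        results[name] = (len(passes), wipe_file(path, passes), os.path.exists(path))
    return results


if __name__ == "__main__":
    for scheme, (n, ok, exists) in demo().items():
        print(f"{scheme}: {n} passes, verified={ok}, file still exists={exists}")
```

The read-back check only proves the overwrite reached the filesystem; it says nothing about the residual-magnetism question Simple Nomad raises, and on journaling or copy-on-write filesystems, or on flash with wear levelling, overwriting a file in place need not touch the blocks the old plaintext actually occupies.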
Current thread:
- Putting the "NSA Data Overwrite Standard" Legend to Death... Jonathan G. Lampe (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Simple Nomad (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Brian Hatch (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Kurt Seifried (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Brian Hatch (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Stephen D. B. Wolthusen (Feb 04)
- Re: Putting the "NSA Data Overwrite Standard" Legend to Death... Simple Nomad (Feb 04)