Re: Putting the "NSA Data Overwrite Standard" Legend to Death...

[Brian Hatch <bugtraq () ifokr org>]

> Near as I can tell if someone says they are doing NSA overwrites, they are
> full of shit. In addition, based upon Mr. Gutmann's paper and the fact
> that it is quite old, one can assume that with advanced forensics the
> simple 3, 7, or 9 time overwrites that these products are claiming as
> secure actually are not even close to the level of security they claim. In
> fact, by following this "glossy brochure" de facto standard, data is not
> secured from recovery by an advanced recovery effort at all.

And worse yet, your data may well live in other places aside from the
official blocks on the disk.  If you're using a journaling file system,
your data was probably written to the journal before going to the
final blocks.  If the data was read by a process that swapped, your
swap partition may contain a copy of the data.  If the filesystem
layer decided to move your data around on the physical disk for
some reason then the original location will not be overwritten by
our standand 'write junk x times' method.

To my knowledge there is no 100% guarenteed method to delete your
bits irrevocably from the hardware without writing over the
entire disk[1], not just the parts officially allocated to the file
at any given time.

[1] multiple times with different data each time, as meantioned before.

--
Brian Hatch                  "Cannot say. Saying I
   Systems and                would know. Do not know,
   Security Engineer          so can not say."
www.hackinglinuxexposed.com

Every message PGP signed

Attachment: _bin
Description: