David Honig[SMTP:honig@sprynet.com] wrote: At 11:38 AM 2/19/01 -0800, Ray Dillinger wrote:
The problem is that data that's been written over once, or even twice or ten times, can often still be read if someone actually takes the platters out and uses electromagnetic microscopy on them.
Really? You think the fed specs on secure wiping are disinfo?
I don't think they're disinfo, but I suspect they are dated. Also, for highly sensitive data, the secure wiping standards generally involve liberal use of thermite. The problem lies in the gap between what disk manufacturers are willing to spend on disk r/w mechanisms, and what an attacker is able to spend. If your threat model does not include seizure (or a secret swap-out) of the hard drive, then yes, a single overwrite with random data will protect you pretty well. If something could be done to use the existing head mechanisms to reliably recover over-written data, then the HD manufacturers would be using it to boost capacity. It's when your opponent can pull out the platters, and either put them in a drive with better heads, or into an AFM rig, that the remanent data becomes interesting. How many overwrites it takes to securly delete varies according to several factors, including: * How many random writes it takes to make the analog flux levels irrecoverable. * How much jitter there is in the drive - the likely hood that a given write of a sector will be a little closer or further from the center of the track, measured radially (I suspect that this is affected by termperature and the most recent head movement) * How accurate the drive is in speed and time - ie, if a given bit is written slightly earlier or later along the track than it was the previous time. Again, temperature may be an important factor. I would expect that as disks become denser, the head mechanisms also become more precise, and the recover problem gets harder. It's my vague recollection that some of the newer storage technologies (CD-RWs, MOs, etc) use preformatted pits to store the data bits. Its possible that for these technologies, the number of overwrites required to make data irrecoverable is considerably lower, but that's outside my area of expertise. Peter Trei