Consider also the technique used in the Norton Utilities program "Diskwipe" which takes a /g switch which "Follows certain government rules for wiping". I can't find the manual but I think it specifies how many repetitions are used and different values to write in each.

SunOS 4.X 'format/analyze/purge', (which was done at the request of SunFed, for some Fed contract) uses 4 repetitions with patterns: 0xaaaaaaaa (10101010) 0x55555555 (01010101) 0xaaaaaaaa (10101010) 0xaaaaaaaa (10101010) Followed by a final pass with: 0x40404040 (10000000) Consider this secure if you want. :-) For Unix variants, one might consider a 'patch' to libc that scribbled on the file passed to the 'unlink()' system call before actually performing the syscall. This will, of course, break Unix semantics because there is no way to tell from userland that no other process is holding the file open, so you'll scribble on the file prematurely. I guess itrunc() is what really need changing. Jim