Jonathan, When I was developing ncrypt (http://ncrypt.sourceforge.net/) I wanted to include a wiping function for the original plaintext file. I did a lot of searching and found numerous references to NSA or DoD standards, but that particular DoD reference was also as close as I got. I have implemented Peter Gutmann's recommendations from his 1996 paper "Secure Deletion of Data from Magnetic and Solid-State Memory" (which is at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) as a wiping alternative. This gives you 35 overwrites in a bit pattern designed to thwart advanced recovery efforts. How effective it is remains to be seen (who has the equipment AND knowledge to test it?). Near as I can tell if someone says they are doing NSA overwrites, they are full of shit. In addition, based upon Mr. Gutmann's paper and the fact that it is quite old, one can assume that with advanced forensics the simple 3, 7, or 9 time overwrites that these products are claiming as secure actually are not even close to the level of security they claim. In fact, by following this "glossy brochure" de facto standard, data is not secured from recovery by an advanced recovery effort at all. Where does the level of security lie? On one end of the spectrum, your kid sister cannot recover the file, on the other end the big spook agencies can get it no problem. The question is who can do an advanced recovery effort these days? - Simple Nomad - negotium - - thegnome@nmrc.org - perambulans - - thegnome@razor.bindview.com - in tenebris - On Tue, 4 Feb 2003, Jonathan G. Lampe wrote: > OK, I'm sure this one will start a flame war, but...I work for a vendor > whose products overwrite files when "deleting" them as a way of protecting > old data. Lately several customers have been asking for "NSA" or "DoD" > standard overwrites, usually with a value of 3, 7 or 9. (Our response to > the feature was to more or less let the owner of the product pick the > number of overwrites; the obvious tradeoff is morewrites=slowerdisk.) > > Anyway, while researching how we wanted to document recommended values for > the overwrite feature, I looked into the "DoD" and "NSA" standards. > > I was not surprised to see that a "DoD standard" DOES exist: > Government name: DoD 5220.22-M > A nice summary: http://www.zdelete.com/dod.htm (not my product) > Some original documents: http://www.dss.mil/isec/nispom.htm > Long story short: 1 overwrite = CLEAR, 3 overwrites = SANITIZED > (non-removable rigid disk) > > I was surprised, however, to learn that a "NSA standard" DOES NOT exist. > > I did the usual Google searches and came up with nothing but various sites > and postings claiming the standard was anything from 5 to 20 > overwrites. Then I called the NSA (1-800-688-6115 > - http://www.nsa.gov/isso). The first person I chatted with passed on the > question, but the second answered the question in no uncertain terms - NSA > is aware of DoD 5220.22-M and DOES NOT have a separate recommendation. > > So...could this finally be the end of IT employees casually tossing around > the "NSA overwrite standard" - or is there something I'm missing? > > Second, where did the number 7 really come from? (It seems to be the > leading recommendation out there right now for number of overwrites and is > frequently attributed to the NSA.) > > - Jonathan Lampe, GCIA, GSNA > - jonathan.lampe@stdnet.com >
