I was reading the man page for rm when I came across this option:
-P Overwrite regular files before deleting them. Files are overwritten
three times, first with the byte pattern 0xff, then 0x00, and
then 0xff again, before they are deleted.
I guess -P is meant for thoroughly deleting a file, but wouldn't setting all the bytes to 0xff or 0x00 be enough? Why does it have to toggle between the two three times?
Best Answer
There is a technique called residual information retrieval that can read data that was deleted based on the idea that when the drive is magnetized in order to store data other parts that are close to the data is also affected by this and it should be possible to re-read data this way ... this is though a costly technique, but use it if you are paranoid ;)
By writing data 3 times (in this case) the parts next to the track on the drive should be re-set as well in order to make it impossible to re-read this way.