Jun 192012
 

I think that every user that has some skill know that a simple rm of a file or deleting it via any file manager is not enough to really remove it from your hard disk.

In Linux there are some tools that can offer you way more secure to really delete your files: DBAN if you need to erase completely a hard disk o partition or if you just have to delete some files you can use Shred or Wipe


Shred

The nice thing of this little program is that is already present in your computer, from its man page:

Overwrite the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

This means that the shred command is a good starting point to give us some privacy. Basically it goes back and forth on the content of the file by overwriting it several times and making it unrecoverable. If used without specifying anything, the steps are 3.

The basic syntax is shred filename this will just cover the file without deleting it.
I think that an example will help much more than a long explanation:

$ echo "this is my bank password: qwerty12" > mysecret.txt
 
$ cat mysecret.txt 
this is my bank password: qwerty12
 
$ shred mysecret.txt 
 
$ cat  mysecret.txt 
 
XW/h/]g$iU5qt41...
.....
....
a lot of binary garbage

To delete the file after the shredding, you can just add the -u option and to see all the steps you can add the -v (verbose) flag.

$shred -vu mysecret.txt 
shred: mysecret.txt: pass 1/3 (random)...
shred: mysecret.txt: pass 2/3 (random)...
shred: mysecret.txt: pass 3/3 (random)...
shred: mysecret.txt: removing
shred: mysecret.txt: renamed to 000000000000
shred: 000000000000: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: mysecret.txt: removed

And if you want to do more than 3 passes you can use the option -n “number of passes”, so writing shred -n 50 myfile, will do 50 times the random pass on myfile.

CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption, for example In the case of ext3 file systems, the disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual.

Wipe

Wipe is a secure file wiping utility. There are some low level issues that must be taken into consideration. One of these is that there must be some sort of write barrier between passes. Wipe uses fdatasync(2) (or fsync(2)) as a write barrier, or if fsync(2) isn’t available, the file is opened with the O_DSYNC or O_SYNC flag. For wipe to be effective, each pass must be completely written. To ensure this, the drive must support some form of a write barrier, write cache flush, or write cache disabling. SCSI supports ordered command tags. IDE/ATA drives support write cache flushes and write cache disabling. Unfortunetly, not all drives actually disable write cache when asked to. Those drives are broken. Write caching should always be disabled, unless your system is battery backed and always powers down cleanly.

A first quality of Wipe compared to shred is that it has the -r option that makes it delete recursively the contents of a directory, thus facilitating the removal of many files. In normal mode, 34 patterns are used (of which 8 are random) to overwrite the file.

Unlike shred is not usually installed by default but it can be easily found in the repositories of most Linux distributions.

Other useful options that you can use are:

-f (force; disable confirmation query) By default wipe will ask for confirmation, indicating the number of regular and special files and directories specified on the command line. This disable it.
-r (recurse into subdirectories) Will allow the removal of the entire directory tree. Symbolic links are not followed.
-q (quick wipe) If this option is used, wipe will only make (by default) 4 passes on each file, writing random data. See option -Q
-Q Sets the number of passes for quick wiping. Default is 4.

So for example I could use:

wipe -rfq -Q15 mysecret.txt

To delete the file with 15 random passes.

Conclusions

These tools will make your files harder to be recovered, i suggest to read this document, to have more information on this topic

Popular Posts:

Flattr this!

  4 Responses to “Secure Deletion of Data in Linux”

  1. Just curious how or if these utilities will work on a mounted filesystem that has journaling?

  2. LOL, nevermind….I should have read more.

  3. What about secure remove (srm)?

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*