Nov 04 2012
 

These articles rest on a simple fact: running rm on a file, or deleting it through a file manager, is not enough to really remove it from your hard disk.

If you really want to delete files from a computer you have to use more sophisticated commands, and in earlier articles we have looked at:

Dban: Darik’s Boot and Nuke (commonly known as DBAN) is an open source project hosted on SourceForge. The program is designed to securely erase a hard disk until data is permanently removed and no longer recoverable, which is achieved by overwriting the data with random numbers generated by Mersenne twister or ISAAC (a PRNG).

Shred : Overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

Wipe : Wipe is a secure file wiping utility.

Today we’ll take a look at the secure-delete package, which contains some useful programs for deleting files, memory contents, free space and/or swap space in a safer way.


To install the Secure-Delete tools in Debian, Ubuntu and Mint run in a terminal:

sudo apt-get install secure-delete

The package should also be available in other distributions; check your package manager by searching for secure-delete or srm, or, if it is not available, you can get the package source from SourceForge.

The Secure-Delete package comes with four commands:

  • srm Secure remove; used for deleting files or directories currently on your hard disk;
  • smem Secure memory wiper; used to wipe traces of data from your computer’s memory (RAM);
  • sfill Secure free space wiper; used to wipe all traces of data from the free space on your disk;
  • sswap Secure swap wiper; used to wipe all traces of data from your swap partition.

SRM

SRM is designed to delete data on storage media in a secure manner, so that it cannot be recovered by thieves, law enforcement or other threats. The wipe algorithm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory”, presented at the 6th USENIX Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

The secure data deletion process of srm goes like this:

  1. 1 pass with 0xff
  2. 5 random passes. /dev/urandom is used for a secure RNG if available.
  3. 27 passes with special values defined by Peter Gutmann.
  4. 5 random passes. /dev/urandom is used for a secure RNG if available.
  5. Truncate the file

As an additional security measure, the file is opened in O_SYNC mode and fsync() is called after each pass.
srm writes in 32k blocks for speed, filling the buffers of disk caches to force them to flush and overwriting the old data that belonged to the file.
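The pass structure described above, as an added example in C (not srm's source and not code from the original article). It is cut down to one 0xff pass and one random pass before truncating, and the names overwrite_pass and wipe_file are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define BLOCK 32768 /* 32k write blocks, as in the description above */

/* One pass over the first `size` bytes of fd: random data when rnd_fd >= 0,
 * otherwise the byte `pattern`. Ends with fsync(); fails on short I/O. */
static int overwrite_pass(int fd, off_t size, int rnd_fd, unsigned char pattern)
{
    unsigned char buf[BLOCK];
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    for (off_t done = 0; done < size; ) {
        size_t n = (size - done) < BLOCK ? (size_t)(size - done) : BLOCK;
        if (rnd_fd < 0) memset(buf, pattern, n);
        else if (read(rnd_fd, buf, n) != (ssize_t)n) return -1;
        if (write(fd, buf, n) != (ssize_t)n) return -1;
        done += (off_t)n;
    }
    return fsync(fd); /* flush after every pass */
}

/* Reduced sequence: 0xff pass, random pass, truncate, then unlink.
 * Returns 0 on success; on any failure the file is left in place. */
int wipe_file(const char *path)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_WRONLY | O_SYNC); /* synchronous writes */
    if (fd < 0) return -1;
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd >= 0 && fstat(fd, &st) == 0 &&
        overwrite_pass(fd, st.st_size, -1, 0xff) == 0 &&
        overwrite_pass(fd, st.st_size, rnd, 0) == 0 &&
        ftruncate(fd, 0) == 0 && fsync(fd) == 0)
        rc = 0;
    if (rnd >= 0) close(rnd);
    close(fd);
    return rc == 0 ? unlink(path) : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (wipe_file(argv[1]) != 0) { fprintf(stderr, "wipe failed\n"); return 1; }
    return 0;
}
```

Overwriting in place only helps when the filesystem rewrites the same blocks, which is the concern raised in the comments below about filesystems such as BTRFS.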

Srm options:

  • -d ignore the two special dot files . and .. on the command line (so you can execute it like “srm -d .* *”).
  • -f fast (and insecure mode): no /dev/urandom, no synchronize mode.
  • -l lessens the security. Only two passes are written: one pass with 0xff and a final pass with random values.
  • -l -l given a second time lessens the security even more: only one random pass is written.
  • -r recursive mode, deletes all subdirectories.
  • -v verbose mode
  • -z wipes the last write with zeros instead of random data

Some examples with srm:

1) Delete a file using srm

#srm /tmp/myfile.txt

2) Delete a directory using srm

#srm -r /tmp/mydir/


The other tools of the suite

smem is designed to securely delete data that may still lie in your memory (RAM). Note that with the new SDRAMs, data will not wither away when you turn off the computer but will be kept static, and this can enable cold boot attacks.

sfill is designed to securely delete data that lies in the available disk space on storage media.

sswap is designed to securely delete data that may still lie in your swap space.

Conclusions

Please keep in mind when using these tools that they add some security but they don’t guarantee that the data will not be recovered. On this point, Wikipedia says:

The US government recommends complete physical destruction of hard disk data surfaces to guarantee secure data erasure. Presumably, this can be accomplished by abrasion, or by a small amount of thermite ignited over a large, well-ventilated pot containing sand.


  6 Responses to “Secure Deletion of Data in Linux – part 2”

  1. Suppose I have a file which contains sensitive information. Suppose that I first zero this file and afterwards I delete it.

    Let me know if there is _any_ linux/unix utility which recovers the original file.

  2. What about journaling filesystem like BTRFS ?
    File based deletion tools could be useless.

    • Yes, I wrote a note about this in part 1 of the article, so I’ve not re-posted this.

  3. Why not simply use shred(1) from the coretools package?

    • Like many things in Unix, there is more than 1 way to do things; with this package you also have tools to “clean” memory, empty space and swap.

      I’ve covered shred in a former article.

      Best regards

  4. My own method for keeping safe is to use encrypted volumes for home etc. instead, and today LUKS even works with TRIM on SSD disks.

    #/etc/crypttab
    home UUID=01234567-aaaa /etc/cryptokeys/home.key luks,discard

    #/etc/fstab
    /dev/mapper/home /home ext4 noatime,discard,commit=300,errors=remount

    When I want to ensure something gets deleted, I create a new partition, a new key-file, and create a new home partition, copying all the files I want to the new partition, and updating only /etc/crypttab to point to the new home partition instead of the old. After verifying I will overwrite the old key file and simply remove the old home partition. No more worries! It might have to be mentioned that I also have the “/” partition in a luks partition, so the previous key-file can no longer be recovered.
