Warning: Modern disk/SSD hardware and modern filesystems may squirrel away data in places where you cannot delete them, so this process may still leave data on the disk. The only safe ways of wiping data are the ATA Secure Erase command (if implemented correctly), or physical destruction. Also see How can I reliably erase all information on a hard drive?

You can use a suite of tools called secure-delete.

smem - securely delete traces of a file from RAM
sfill - wipe all the space marked as empty on your hard drive
sswap - wipe all the data from your swap space

srm is designed to delete data on mediums in a secure manner which cannot be recovered by thieves, law enforcement or other threats. The wipe algorithm is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

The secure data deletion process of srm goes like this:

/dev/urandom is used for a secure RNG if available.
27 passes with special values defined by Peter Gutmann.

As an additional measure of security, the file is opened in O_SYNC mode and after each pass an fsync() call is done. srm writes 32k blocks for the purpose of speed, filling buffers of disk caches to force them to flush and overwriting old data which belonged to the file.


The quickest way, if you only need a single pass and just want to replace everything with zeros, is:

cat /dev/zero > zero.file
sync
rm zero.file

(run from a directory on the filesystem you want to wipe)

(the sync command is a paranoia measure that ensures all data is written to disk - an intelligent cache manager might work out that it can cancel writes for any pending blocks when the file is unlinked)

There will be a time during this operation when there will be no free space at all on the filesystem, which can be tens of seconds if the resulting file is large and fragmented so takes a while to delete. To reduce the time when free space is completely zero:

dd if=/dev/zero of= bs=1024 count=102400

This should be enough to stop someone reading the old file contents without an expensive forensic operation. For a slightly more secure, but slower, variant replace /dev/zero with /dev/urandom. For more paranoia run multiple steps with /dev/urandom, though if you need that much effort the shred utility from the coreutils package is the way to go:

dd if=/dev/zero of= bs=1024 count=102400

Note that in the above the small file is shredded before creating the larger, so it can be removed as soon as the larger is complete instead of having to wait for it to be shredded, leaving the filesystem with zero free space for the time that takes. The shred process will take a long time over a large file and unless you are trying to hide something from the NSA isn't really necessary IMO.

All of the above should work on any filesystem.

As DanMoulding points out in a comment below, this may have problems with file size limits on some filesystems.

For FAT32 it would definitely be a concern due to the 2GiB file limit: most volumes are larger than this these days (8TiB is the volume size limit IIRC). You can work around this by piping the large cat /dev/zero output through split to generate multiple smaller files and adjust the shred and delete stages accordingly.
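An added example, not code from either answer above: a POSIX sh function that combines the two tricks from the second answer, a reserve file that is freed first so the filesystem is not stuck at zero free space, and a fill written as several size-bounded files so a per-file limit such as FAT32's does not cut the fill short. The function name, its parameters, the wipe.* file names and the MAX_TOTAL cap (only there so the function can be tried out without filling a disk) are my own assumptions.

```sh
#!/bin/sh
# Added example (not part of the original answers). Fills the free space of
# the filesystem holding DIR with zeros, applying the two tricks described:
#   - a small reserve file is created first and removed as soon as the fill
#     finishes, so the filesystem spends as little time as possible at 0 free;
#   - the fill is written as several files of at most MAX_FILE bytes, so a
#     per-file size limit (e.g. FAT32's 2 GiB) does not end the fill early.
# Usage: wipe_free_space DIR [MAX_FILE] [MAX_TOTAL] [RESERVE_KIB]
#   MAX_FILE    size limit per fill file (default 1 GiB, multiple of 64 KiB)
#   MAX_TOTAL   stop after this many bytes instead of at ENOSPC (0 = no cap;
#               assumed here only so the example can be tried safely)
#   RESERVE_KIB size of the reserve file in KiB (default 102400, as in the
#               answer's dd count)
# Prints the number of fill files written; returns non-zero on setup failure.

BS=65536   # dd block size, an assumption of this example

wipe_free_space() {
    dir=$1; max_file=${2:-1073741824}; max_total=${3:-0}; reserve_kib=${4:-102400}
    reserve="$dir/wipe.reserve"
    n=0; written=0
    dd if=/dev/zero of="$reserve" bs=1024 count="$reserve_kib" 2>/dev/null || return 1
    while :; do
        if [ "$max_total" -gt 0 ] && [ "$written" -ge "$max_total" ]; then
            break
        fi
        n=$((n + 1))
        chunk="$dir/wipe.chunk.$n"
        # On a full filesystem dd stops with ENOSPC (message and exit status
        # hidden here); the bytes that did land on disk still count, and a
        # short file is the signal that free space is exhausted.
        dd if=/dev/zero of="$chunk" bs="$BS" count=$((max_file / BS)) 2>/dev/null || true
        sz=$(wc -c < "$chunk" | tr -d ' ')
        written=$((written + sz))
        if [ "$sz" -lt "$max_file" ]; then
            break
        fi
    done
    sync                       # make sure the zeros reach the disk
    rm -f "$reserve"           # give the reserve back first ...
    rm -f "$dir"/wipe.chunk.*  # ... then the fill files
    sync
    echo "$n"
}
```

Without MAX_TOTAL the loop runs until dd hits ENOSPC, exactly as the cat /dev/zero approach does, so run it only on the filesystem you mean to wipe.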