LinuxQuestions.org

Akonbobot 03-10-2008 05:50 PM

Secure unused disk space wipes, dd and shred
 
I understand ext2 is the only viable file system to securely delete files and wipe unused areas of the disk due to no journaling.

Which is the most secure method for wiping unused areas of the disk;

1.) dd if=/dev/urandom of=/mnt/hda1 bs=4M

2.) dd if=/dev/urandom of=/mnt/hda1/foo.img bs=4M
shred -uvz -n 7 /mnt/hda1/foo.img

Is shredding a large artificially created file that takes up unused space on disk better than dd because you could control how many times you can write over the file with shred vs. only once with each dd operation?

Thank you
Akonbobot

budword 03-10-2008 06:38 PM

You can wipe files just fine from an ext3 or journaled file system. The problem is in removing the file NAME. That'll stick around in weird spots. I'm no expert though, so take my advice with a grain or 3 of salt.

David

syg00 03-10-2008 07:43 PM

Quote:

Originally Posted by budword (Post 3084432)
You can wipe files just fine from an ext3 or journaled file system.

Only if you can guarantee (*all*) updates are done "in-place". A default ext3 install is generally o.k.
Residual (log) data is the exposure, not the filename.

For general usage, simple overwriting (of any means) is generally sufficient. If you are trying to hide something from the "spooks", good luck ...

Akonbobot 03-10-2008 08:13 PM

Pardon me, I've misfocused the question, again...

In an ext2 file system, which method below is more secure for wiping unused disk space?

1.) dd if=/dev/urandom of=/mnt/hda1 bs=4M

2.) dd if=/dev/urandom of=/mnt/hda1/foo.img bs=4M
shred -uvz -n 7 /mnt/hda1/foo.img

Thank you.
Akonbobot

pixellany 03-10-2008 09:14 PM

Quote:

Originally Posted by Akonbobot (Post 3084498)
Pardon me, I've misfocused the question, again...

In an ext2 file system, which method below is more secure for wiping unused disk space?

1.) dd if=/dev/urandom of=/mnt/hda1 bs=4M

2.) dd if=/dev/urandom of=/mnt/hda1/foo.img bs=4M
shred -uvz -n 7 /mnt/hda1/foo.img

Thank you.
Akonbobot

First, if you are "wiping" an entire drive (or partitions) with a low-level command like dd, then the filesystem makes NO difference.

Second, using dd does not make sense for trying to erase just part of a partition (file system). (How would you know which part to erase?)

In example #2, what is your intent? It LOOKS like it would write random data to a file named "foo.img" on hda1 until either the partition or the entire drive was full. I don't think it erases anything, but I have no system that I can try it on.

The secure way to erase is with several passes of random data and all zeros.

Finally, I think "shred" is used for secure erase of just one file (or directory?).

Akonbobot 03-10-2008 11:12 PM

The intent is;
To securely wipe a single partition (/dev/hda1).


Method 1:
dd if=/dev/urandom of=/dev/hda1

Method 2:
sudo mount /dev/hda1 /media/hda1
dd if=/dev/zero of=/media/hda1/foo.img
shred -uvz -n 7 /media/hda1/foo.img

[Method 1] will write 1 pass, Method 2 creates a fake file (foo.img) until the disk is full, then uses shred to delete that file 7 times.

Does that mean that Method 2 is superior to a dd pass ?

Thanks again.
Akonbobot

pixellany 03-11-2008 06:03 AM

As I said, I don't know what method 2 does, and I have no machine on which I can take the risk of trying.

My hunch is that you are better off just writing directly to the raw device--multiple passes. I have never seen any actual data, but I would doubt that the average person would find anything after two random passes and then all zeros.

rupertwh 03-11-2008 06:11 AM

sfill from the 'secure_deletion toolkit' might be what you are looking for. It wipes unused space on a drive. From the man page:
Code:

The secure data deletion process of sfill goes like this:

      *      1 pass with 0xff

      *      5 random passes. /dev/urandom is used for a secure RNG if available.

      *      27 passes with special values defined by Peter Gutmann.

      *      5 random passes. /dev/urandom is used for a secure RNG if available.

Sounds pretty thorough.

pixellany 03-11-2008 06:18 AM

Quote:

Originally Posted by rupertwh (Post 3084888)
Sounds pretty thorough.

Sounds like overkill to me...

You can also use DBAN, which includes the military standard routines.

jschiwal 03-11-2008 06:49 AM

I have used something similar to zero-fill empty space on a partition before using dd to create an image. Such an image will compress better.

Use df to determine how many blocks are left. Use the same block size in your dd command as the df command shows and use number of free blocks for the "count=" in the dd command. You may need to subtract a block from the count to leave space for the directory change. Then you can use shred on the file as well. More than 5 sweeps is probably overkill.

Your first method would wipe out files as well as free space.
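
The df-then-dd procedure jschiwal describes, as an added shell example that is not part of any post in the thread; the function names, the fill-file name and the optional block cap (useful for trying it on a small amount of space) are assumptions. It uses `df -P -k` so the reported block size is fixed at 1024 bytes and matches `bs=1024` in the dd command.

```shell
#!/bin/sh
# Added example: fill free space with one file sized from df, then shred it.
# Function names, the fill-file name and the optional cap are assumptions.

# Print the "Available" column from `df -P -k` output read on stdin.
# -P forces one line per filesystem; -k reports 1024-byte blocks.
avail_from_df() {
    awk 'NR == 2 { print $4 }'
}

# Blocks to write: free blocks minus a reserve (default 1, for the
# directory change), optionally capped, never negative.
fill_count() {
    avail=$1; reserve=${2:-1}; cap=${3:-}
    n=$((avail - reserve))
    [ "$n" -lt 0 ] && n=0
    if [ -n "$cap" ] && [ "$n" -gt "$cap" ]; then n=$cap; fi
    echo "$n"
}

# wipe_free_space DIR [PASSES] [CAP_BLOCKS]
wipe_free_space() {
    dir=$1; passes=${2:-3}; cap=${3:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    fill="$dir/wipe-fill.$$"
    count=$(fill_count "$(df -P -k "$dir" | avail_from_df)" 1 "$cap")
    [ "$count" -gt 0 ] || { echo "no free blocks to fill" >&2; return 1; }
    # Remove the fill file if interrupted, so the disk is not left full.
    trap 'rm -f "$fill"' INT TERM
    # Running out of space just before the last block is acceptable here.
    dd if=/dev/zero of="$fill" bs=1024 count="$count" 2>/dev/null || true
    [ -f "$fill" ] || { trap - INT TERM; return 1; }
    sync
    # Overwrite the fill file PASSES times, add a zero pass (-z), unlink (-u).
    shred -u -z -n "$passes" "$fill"
    status=$?
    trap - INT TERM
    return $status
}
```

Calling `wipe_free_space /media/hda1 5` covers only the blocks the filesystem hands to that one file; the journaling and swap caveats raised elsewhere in the thread still apply.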

jayjwa 03-14-2008 01:01 AM

I think you can just do 'shred /dev/hda1', without the unlink (-u). If you're really concerned about wiping, you may wish to use /dev/random, which is stronger "randomness" than urandom, but will take much longer.

From the manpage:
Quote:

Delete FILE(s) if --remove (-u) is specified. The default is not to
remove the files because it is common to operate on device files like
/dev/hda, and those files usually should not be removed.

The method of writing a file then shredding the file might not consume all the space that was on the partition, depending on how it is written to the filesystem.

As far as journaling filesystems go, ext3, xfs and friends- I've heard they are not acceptable for secure deletion.

http://www.slac.stanford.edu/comp/un...ure-erase.html

Quote:

One major problem with all of these utilities is that most modern file systems use techniques called "journaling" or "logging" to help prevent file system corruption. Unfortunately, these techniques can also make it nearly impossible to ensure that all traces of a file's data get overwritten unless you are willing to completely wipe out all data on the disk.

In fact, Gentoo's Portage specifically warns about sfill, srm etc:

http://www.gentooportage.info/portag...re-delete.html

Quote:

ewarn "sfill and srm are useless on journaling filesystems,"
ewarn "such as reiserfs or XFS."
ewarn "See documentation for more information."

Make sure you're taking care of swap space, too.


All times are GMT -5.