Secure unused disk space wipes, dd and shred
I understand ext2 is the only viable file system to securely delete files and wipe unused areas of the disk due to no journaling.
Which is the most secure method for wiping unused areas of the disk?
1.) dd if=/dev/urandom of=/mnt/hda1 bs=4M
2.) dd if=/dev/urandom of=/mnt/hda1/foo.img bs=4M
    shred -uvz -n 7 /mnt/hda1/foo.img
Is shredding a large artificially created file that takes up unused space on disk better than dd because you could control how many times you write over the file with shred vs. only once with each dd operation? Thank you Akonbobot |
You can wipe files just fine from an ext3 or journaled file system. The problem is in removing the file NAME. That'll stick around in weird spots. I'm no expert though, so take my advice with a grain or 3 of salt.
David |
Quote:
Residual (log) data is the exposure, not the filename. For general usage, simple overwriting (of any means) is generally sufficient. If you are trying to hide something from the "spooks", good luck ... |
Pardon me, I've misfocused the question, again...
In an ext2 file system, which method below is more secure for wiping unused disk space?
1.) dd if=/dev/urandom of=/mnt/hda1 bs=4M
2.) dd if=/dev/urandom of=/mnt/hda1/foo.img bs=4M
    shred -uvz -n 7 /mnt/hda1/foo.img
Thank you. Akonbobot |
Quote:
Second, using dd does not make sense for trying to erase just part of a partition (file system). (How would you know which part to erase?) In example #2, what is your intent? It LOOKS like it would write random data to a file named "foo.img" on hda1 until either the partition or the entire drive was full. I don't think it erases anything, but I have no system that I can try it on. The secure way to erase is with several passes of random data and all zeros. Finally, I think "shred" is used for secure erase of just one file (or directory?) |
The intent is:
To securely wipe a single partition (/dev/hda1).
Method 1: dd if=/dev/urandom of=/dev/hda1
Method 2: sudo mount /dev/hda1 /media/hda1
          dd if=/dev/zero of=/media/hda1/foo.img
          shred -uvz -n 7 /media/hda1/foo.img
Method 1 will write 1 pass. Method 2 creates a fake file (foo.img) until the disk is full, then uses shred to overwrite that file 7 times and delete it. Does that mean that Method 2 is superior to a dd pass? Thanks again. Akonbobot |
As I said, I don't know what method 2 does, and I have no machine on which I can take the risk of trying.
My hunch is that you are better off just writing directly to the raw device--multiple passes. I have never seen any actual data, but I would doubt that the average person would find anything after two random passes and then all zeros. |
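The approach the reply above recommends (write straight to the raw device, several random passes, then zeros) as a small POSIX shell script. This is an added example, not code posted in the thread; the function names and the 4096-byte block size are my choices. The target can be a block device such as /dev/hda1 or, for a dry run, an ordinary file, and every byte of it is destroyed, so check the device name before running.

```shell
#!/bin/sh
# Added example (not from the thread): overwrite a whole target with N passes of
# /dev/urandom followed by one pass of /dev/zero, as suggested in the reply above.
# TARGET is a block device (e.g. /dev/hda1) or, for a safe dry run, a regular file.
set -e

target_size() {
    # Size in bytes: blockdev(8) for a device, byte count for a regular file.
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

overwrite_pass() {
    # Write exactly the target's size from SOURCE (/dev/urandom or /dev/zero).
    # conv=notrunc keeps a regular file at its original size; on a device it is harmless.
    src=$1; tgt=$2
    size=$(target_size "$tgt")
    dd if="$src" of="$tgt" bs=4096 count=$((size / 4096)) conv=notrunc 2>/dev/null
    rem=$((size % 4096))
    if [ "$rem" -gt 0 ]; then
        # Partition sizes are multiples of 512, not always of 4096: finish the tail byte-wise.
        dd if="$src" of="$tgt" bs=1 count="$rem" seek=$((size - rem)) conv=notrunc 2>/dev/null
    fi
    sync
}

wipe_target() {
    # N random passes, then zeros. Usage: wipe_target /dev/hda1 2
    tgt=$1; passes=${2:-2}
    i=0
    while [ "$i" -lt "$passes" ]; do
        overwrite_pass /dev/urandom "$tgt"
        i=$((i + 1))
    done
    overwrite_pass /dev/zero "$tgt"
}

nonzero_bytes() {
    # Number of bytes that are not 0x00; 0 after the final zero pass succeeded.
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}
```

A final zero pass has a practical advantage over ending on random data: you can check the result afterwards (nonzero_bytes reporting 0 means every byte was reached), whereas a partition full of random data gives you nothing to verify against.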
sfill from the 'secure_deletion toolkit' might be what you are looking for. It wipes unused space on a drive. From the man page:
Code:
The secure data deletion process of sfill goes like this: |
Quote:
You can also use DBAN, which includes the military standard routines. |
I have used something similar to zero-fill empty space on a partition before using dd to create an image. Such an image will compress better.
Use df to determine how many blocks are left. Use the same block size in your dd command as the df command shows and use number of free blocks for the "count=" in the dd command. You may need to subtract a block from the count to leave space for the directory change. Then you can use shred on the file as well. More than 5 sweeps is probably overkill. Your first method would wipe out files as well as free space. |
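The fill-file method described in the post above (df for the free block count, dd with the same block size and that count, then shred on the file) as a POSIX shell script. This is an added example, not code from the thread; the function names and the wipe.tmp file name are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread): fill the free space of a mounted file system with
# one large file, then shred and unlink it. Only free space is touched; existing files
# survive, unlike dd straight to the raw device.
set -e

free_kib() {
    # Free 1 KiB blocks on the file system holding DIR ("Available" column of df -P).
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

fill_file() {
    # Write KIB kibibytes of zeros to FILE. Default: all free space minus one block,
    # leaving room for the directory update, as the post suggests.
    file=$1
    kib=${2:-$(( $(free_kib "$(dirname "$file")") - 1 ))}
    dd if=/dev/zero of="$file" bs=1024 count="$kib" 2>/dev/null || true  # ENOSPC is acceptable
    sync
}

shred_file() {
    # PASSES random passes, then a zero pass (-z), then unlink (-u).
    shred -u -z -n "${2:-3}" "$1"
}

wipe_free_space() {
    # Usage: wipe_free_space /media/hda1 [passes]; the fill file lives inside the mount.
    dir=$1; passes=${2:-3}
    fill_file "$dir/wipe.tmp"
    shred_file "$dir/wipe.tmp" "$passes"
}
```

Two caveats a practitioner should keep in mind: df's "Available" column excludes the blocks ext2 reserves for root (5% by default), so run this as root or that reserved area is never touched; and the fill file only covers whole free blocks, so slack space at the tail of existing files is not overwritten either way.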
I think you can just do 'shred /dev/hda1', without the unlink (-u). If you're really concerned about wiping, you may wish to use /dev/random, which is stronger "randomness" than urandom, but will take much longer.
From the manpage: Quote:
The method of writing a file then shredding the file might not consume all the space that was on the partition, depending on how it is written to the filesystem. As far as journaling filesystems go (ext3, xfs and friends), I've heard they are not acceptable for secure deletion. http://www.slac.stanford.edu/comp/un...ure-erase.html Quote:
http://www.gentooportage.info/portag...re-delete.html Quote:
|