shred didn't shred

[Matt 6:27]

Right, I understand the journaled file issue, but read somewhere on the forum that shred will work on ext3 and ext4 file systems. Is that not the case?

With respect to encrypting my files, that works fine except, as you know, it creates a new .gpg file, but retains the original. If shred can't chew up that original, the encryption and brick method doesn't really add anything... except a bump and a headache.

The more I look at this issue, the more I view it as a genuine security matter. Merely encrypting a file does not ensure its privacy. As stated above, obviously at some point you have to decrypt it to use the file, and at that point, it becomes vulnerable to file recovery applications. E.g., a basic photorec scan has recovered multiple iterations of a file I routinely decrypt (if only briefly), view/modify, then re-encrypt & shred the original.

Short of a complete degaussing, drive re-format, or high speed drill bit through the disk platters, what are people doing to ensure old files can't be recovered?

[HermanAB]

No, don't just encrypt a file - first encrypt the 'whole disk'. If your 'whole disk' is encrypted, then you can use gpg to encrypt individual files for export to other systems, eg Dropbox, because all the temporary files stored in random places on your system are then encrypted too.

[Matt 6:27]

No, don't just encrypt a file - first encrypt the 'whole disk'. If your 'whole disk' is encrypted, then you can use gpg to encrypt individual files for export to other systems, eg Dropbox, because all the temporary files stored in random places on your system are then encrypted too.

Ok, so the individual files are encrypted, not just their directories?

Sounds like I'm in for a re-install, unless there's a way to encrypt the whole drive w/o reformatting/reinstalling.

As to the first part of my question: is there no way to permanently shred (for lack of a better term) files on my ext4 system?

Thanks

[Backtrack2012]

As to the first part of my question: is there no way to permanently shred (for lack of a better term) files on my ext4 system?

I'm finding myself in a similar situation. At installation of Ubuntu 12.10, I didn't select full disk encryption. I am also looking at a reinstall. I came across this thread while researching backups, reinstalls, and secure data deletion. Here's what I've learned so far.

Paraphrased from the Shred Manual (in terminal: man shred): Shred relies on assumption that the file system overwrites data in place. Many modern file system designs do not satisfy this assumption. This includes journaled file systems like Ext3 and Ext4. My Ubuntu 12.10 install is an Ext4 journaled file system. Shred will have limited effectiveness with these files.

What I've found out about Secure Delete (search in Ubuntu Software Center): Secure Delete is a more advanced version of the “shred” command. Instead of just overwriting your files with random data, Secure Delete uses a combination of random data, zeros, and special values developed by cryptographer Peter Gutmann to ensure files are irrecoverable. It also assigns a random value for the filename to further obscure data.

My DuckDuckGo and Google search of "does secure delete work on journaled file systems" brought up a number of articles and discussions, including here on Ubuntu Forum. This one is a good start: http://techthrob.com/2010/10/04/do-s...d-filesystems/

I see your last entry was last November. What were your solutions?

[HermanAB]

The only secure way to erase a disk is by invoking a special routine that is in the disk controller of every drive made in the last ten years or more. The disk controller can make the head travel over the whole disk, including the space between tracks and in bad sectors.

Ordinary software cannot do that while the disk controller is in normal operation mode. Programs like shred can only work on the file system, on tracks and on good sectors. Shred cannot write to the file system journal, write between tracks or write to bad sectors. You can invoke the secure delete utility from hdparm.

Here is the whole story:
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

The only other secure way to handle the erase issue is by encrypting the whole disk when you install Linux. Then to erase the disk, you just forget the key.

One method that is better than shred and its ilk is dd (or cat). Data Definition can write over the whole disk on all tracks, including journals, but it still cannot write between tracks or on bad sectors. For practical purposes though, if you use dd to write /dev/urandom over the whole disk, your data is as good as gone. Only the military may be able to recover some of it.

[pixiq]

The only secure way to erase a disk is by invoking a special routine that is in the disk controller of every drive made in the last ten years or more. The disk controller can make the head travel over the whole disk, including the space between tracks and in bad sectors.

Ordinary software cannot do that while the disk controller is in normal operation mode. Programs like shred can only work on the file system, on tracks and on good sectors. Shred cannot write to the file system journal, write between tracks or write to bad sectors. You can invoke the secure delete utility from hdparm.

Here is the whole story:
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

The only other secure way to handle the erase issue is by encrypting the whole disk when you install Linux. Then to erase the disk, you just forget the key.

One method that is better than shred and its ilk is dd (or cat). Data Definition can write over the whole disk on all tracks, including journals, but it still cannot write between tracks or on bad sectors. For practical purposes though, if you use dd to write /dev/urandom over the whole disk, your data is as good as gone. Only the military may be able to recover some of it.

I conclude that you recommend encrypting the whole disk. What about Ubuntu's encrypted home, that is offered at the installation?

Please describe how to run this SecureErase from hdparm! I guess it should be used for all of us who have not yet encrypted our disks, and want to wipe all traces.

[zero2xiii]

Hay,

Will "dd if=/dev/null" not solve the issue?

It writes null to the entire file location on the drive, thus overwriting the content on disc.

When ever I want to securely erase files I run this command on the file:

Code:

dd if=/dev/urandom of=/path/to/file bs=512

Just a thought.

Cheers