Any way to secure-erase a file?

ax0n
Posts: 19
Joined: Thu Feb 01, 2007 3:03 am

Post by ax0n »

Is there any way to securely erase a file in place with newLISP? I mean, a way to access the actual blocks on the device to make sure that you are over-writing the location where the file was stored, instead of simply making a new file with the same time?

Lutz
Posts: 5289
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California

Post by Lutz »

This utility would write random characters into the file before deleting it; the script also checks for the existence of the file.

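Code:

#!/usr/bin/newlisp

; usage: script-name file-to-wipe
(set 'file (main-args 2))

; only proceed if the file exists; remember its size in bytes
(if (file? file)
    (set 'size (file-info file 0))
    (exit))

; open for update (no truncation) and write one random byte per position;
; dotimes writes exactly size bytes, so the file does not grow
(set 'handle (open file "update"))
(dotimes (i size)
    (write-char handle (rand 256)))
(close handle)

(delete-file file)

(exit)

Lutz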

nigelbrown
Posts: 429
Joined: Tue Nov 11, 2003 2:11 am
Location: Brisbane, Australia

Post by nigelbrown »

Actually wiping data can be quite complex e.g. see http://www.usenix.org/publications/libr ... s/gutmann/ . And smart drives with cache and file systems that will sideline old data and write a new block under some conditions are problematical.
It depends on how secure you want to put the effort in to become.
Maybe call a proven utility to do it.
Nigel

ax0n
Posts: 19
Joined: Thu Feb 01, 2007 3:03 am

Post by ax0n »

nigelbrown wrote:Actually wiping data can be quite complex e.g. see http://www.usenix.org/publications/libr ... s/gutmann/ . And smart drives with cache and file systems that will sideline old data and write a new block under some conditions are problematical.
It depends on how secure you want to put the effort in to become.
Maybe call a proven utility to do it.
Nigel

I know the problems, it's kind of why I asked. Simply writing data to a file before erasing won't always overwrite the physical location on the disk. Matter of fact, it usually won't overwrite those blocks, it will just write the file out wherever convenient and change the catalog to match.

I have a whole host of "wipe" utilities at my disposal.
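
Added example, not part of any post in this thread: the overwrite-then-delete approach discussed above, written in Python so that fsync and inode numbers are available. It syncs each pass to disk and reports whether the file was updated in place rather than recreated under the same name; the function names and the sample file are assumptions of this example, and an unchanged inode does not show that the filesystem or drive reused the same physical blocks.

```python
import os
import stat
import tempfile

CHUNK = 64 * 1024  # write in blocks rather than one byte per call


def overwrite_in_place(path, passes=1):
    """Overwrite an existing regular file with random bytes and fsync it.

    Returns (size, same_inode). same_inode only proves the file was updated
    rather than recreated under the same name; it cannot prove that the
    filesystem or drive reused the same physical blocks.
    """
    before = os.stat(path)
    if not stat.S_ISREG(before.st_mode):
        raise ValueError("not a regular file: %r" % path)
    size = before.st_size
    # "r+b" opens for update without truncating, the counterpart of
    # (open file "update") in the newLISP script.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the pass out of the OS page cache
        after = os.fstat(fh.fileno())
    same = (before.st_dev, before.st_ino) == (after.st_dev, after.st_ino)
    return size, same


def wipe_and_delete(path, passes=1):
    """Overwrite, then unlink. Returns what overwrite_in_place returned."""
    result = overwrite_in_place(path, passes)
    os.remove(path)
    return result


if __name__ == "__main__":
    # Constructed sample input: a throwaway file with fake key material.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed-sample-key-material\n" * 100)
    os.close(fd)
    print(wipe_and_delete(sample), os.path.exists(sample))
```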

cormullion
Posts: 2038
Joined: Tue Nov 29, 2005 8:28 pm
Location: latitude 50N longitude 3W

Post by cormullion »

well this is probably over my head, but there's srm on MacOS X:

Code:

(exec "srm /Users/me/Desktop/secret.txt")

There's some fun-looking options -

Code:

-m, --medium
              overwrite the file with 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)

I just wish I had something secret enough to be worth deleting so completely. :-)

ax0n
Posts: 19
Joined: Thu Feb 01, 2007 3:03 am

Post by ax0n »

That's nice, I'm actually using OS X most of the time. I didn't realize it had that feature. And actually Wietse Venema (I think it was him) said that absolutely no software could ever recover data that was simply overwritten one time. Data recovery methods beyond that scale have to occur on an electron microscope.

In the other thread I've been posting in, you can see that I'm dealing with cryptography (simple, but cryptography all the same). So it's not that I have anything to hide or worth hiding, however, remnants of the files related to the encryption can create a vulnerability if recovered from media.

nigelbrown
Posts: 429
Joined: Tue Nov 11, 2003 2:11 am
Location: Brisbane, Australia

Post by nigelbrown »

ax0n wrote: however, remnants of the files related to the encryption can create a vulnerability if recovered from media.

Perhaps you could use newlisp to generate a few thousand decoy files (a few hundred megs total to flood disk cache) then delete them so that the deleted remnants are buried in the deleted dross. A bit like "Chaffing and Winnowing: Confidentiality without Encryption" http://theory.lcs.mit.edu/~rivest/chaffing.txt .

Nigel

newdep
Posts: 2038
Joined: Mon Feb 23, 2004 7:40 pm
Location: Netherlands

Post by newdep »

It all depends on your Filesystem type..

In some Unix environments you don't want to try and recover lost files because the OS already took care of reassigning the I-nodes that came free. (I-nodes are the main key here, that's why recovering files on i.e. Linux ext2 ext3 is a hard thing to do.)

So perhaps you don't even need to cover them up after all ;-)
-- (define? (Cornflakes))
