# Journal FS Secure Delete  [SOLVED]

## HeXiLeD

Hi.

while i was looking for some secure delete file software i came across some doubts.

Frist i would like to know what software would you guys recommend to ensure that files are completely deleted without any possibility 

of recovering.

I know that there are some ways  to do it manually but im still looking for a good tool.

While searching for some tools i found "wipe", but i also read that its doesnt work with reiserfs fs.

```
*  app-misc/wipe

      Latest version available: 2.2.0

      Size of downloaded files: 68 kB

      Homepage:    http://wipe.sourceforge.net/

      Description: Secure file wiping utility based on Peter Gutman's patterns

      License:     GPL-2

```

So far i have been using "shred". 

```
sys-apps/coreutils-5.2.1-r7 (/usr/bin/shred)
```

Is shred as good as wipe ? 

Does shred works properly with reiserfs ?

more doubts came when i read this :

http://en.wikipedia.org/wiki/File_wipe#Why_use_File_Wipe.3F

 *Quote:*   

> Negatively, wiping a file takes much longer than simply deleting it and can, over time, decrease the life of your magnetic media

 

Is this true ?

If it is, what is the alternative ?

----------

## drwook

well, more reading and writing can reduce the life of the media.  A disk on a heavily used file server will probably die noticably quicker than the drive the same server boots off (given same type of disk and significantly less IO on the boot drive)

But affect on lifespan is probably not something that should be a major concern as I doubt something like this would cause much of a hit to it.

Depending on how paranoid you are, just write a script that does x passes of 'dd if=/dev/random of=/file/to/be/deleted' maybe followed by a 'dd if=/dev/zero of=/file/to/be/deleted' and a final rm '/file/to/be/deleted'.  Obviously it won't be quite that simple (i.e. read 'man dd' to work out what else you need to do with it) but functionally should be a good starting point for what you're after.

----------

## thehailo

Last I checked neither shred nor wipe were effective on journaled file systems, including ext3, XFS, JFS, and ReiserFS.

A good alternative if it makes sense on your system is to use encrypted partitions so secure deletion isn't needed in the first place, but only adds another layer of protection.

----------

## HeXiLeD

yes i agree with you thehailo.

so im still wondering about drwook advice  about making a script to do it.

Does 'dd' will work on journaled file systems ?

anyway .. encryption  has always been my main choice, but someone told me that in linux we can only do it in a certian way and not for the full HD

Is this correct ?

what are my options ?

----------

## thehailo

 *Blue-Steel wrote:*   

> yes i agree with you thehailo.
> 
> so im still wondering about drwook advice  about making a script to do it.
> 
> Does 'dd' will work on journaled file systems ?
> ...

 

I'm not sure about dd. I do know however that Linux encryption can be made to do anything you want it to, as is the open source way. I've encrypted files, directories, partitions, and entire hard disk's. Check the Gentoo Wiki for good documentation.

----------

## PMcCauley

The reason why ALL tools that would wipe a single file may not work on journal filesystem is because the journal filesystem may not write to the same place as you intend to delete.  Any program that bypasses the filesystem by erasing /dev/hda for example will be effective.  Also if you wiped all freespace that should be effective.  To save wear and tear on the drive encrypt filesystems sounds like a good idea.  Just to reclarify when you access a filesystem through a mount point it points to the real partition but all data passes through the filesystem driver.  Eg access /mnt/hda1.  Now if you access /dev/hda directly that does not happen.

Patrick

----------

## yabbadabbadont

One other thing to consider, with modern drives even wiping the raw drive or partition device (/dev/hda /dev/hda1) may not do the job.  Some drives automatically, and silently, remap sectors that start to have errors.  In this case, the original data is still on the drive at the location of the bad sector and might be recoverable.  I don't have the link handy, but I read an article by the original author of the paper on secure deletion of magnetic media.  (the one everyone refers to when creating wiping utilities)  His current advice is, as was mentioned by a previous poster, to use strong encryption for your data.  When disposing of the media, overwrite it with several (at least 7 or eight) passes of random data then, if possible, physically destroy the media.

Edit: Damn smilies.  I should have disabled them when I originally posted...

----------

## HeXiLeD

After doing some reading around  i have to agree on this:

PMcCauley

 *Quote:*   

> The reason why ALL tools that would wipe a single file may not work on journal filesystem is because the journal filesystem may not write to the same place as you intend to delete. 

 

Usually they dont. In fact this is also one reason why they dont need to be defragged.

In short words, fragmentation happens when  the OS decides to put 1 file in 2 or more different places that are to small  to 'store' the full file. (Linux plays it smarter here than windows) 

However because of the fact that linux may not and usually doesnt write in the same place as before

 *Quote:*   

> Any program that bypasses the filesystem by erasing /dev/hda for example will be effective. Also if you wiped all freespace that should be effective

 

yabbadabbadont

 *Quote:*   

> One other thing to consider, with modern drives even wiping the raw drive or partition device (/dev/hda /dev/hda1) may not do the job. Some drives automatically, and silently, remap sectors that start to have errors. In this case, the original data is still on the drive at the location of the bad sector and might be recoverable.

 

 *Quote:*   

> His current advice is, as was mentioned by a previous poster, to use strong encryption for your data. When disposing of the media, overwrite it with several (at least 7 or eight) passes of random data then, if possible, physically destroy the media.

 

The military and govermental places recommend at least 7 times. Most good windows secure deletion programs even refer to the 7th time as "military wipe'.

Conclusion: 

a) secure delete in the journal filesystem is only trully achived by completely fill up that hard drive with data up to the point that one cannot fit another byte there and then, run the secure deletion tool to do its job at last 7 times and add a final overwrite with zeros to hide shredding/wipping.

Some tools such as 'shred' allow it 25 times !

b) Destroy the HD by drilling as many holes as you find in a fly swaper.

c) Dont use a jornal filesystem

d) as an option to destroy data, one can secure it, saving himself from the secure deletion problem.

I will consider this topic SOLVED to the current date  of my post.

Ps: if anyone finds a new way... please post it.

----------

## codergeek42

This is one thing that is cool about Ext3: You can unmount it and remount it as Ext2 (i.e., with no journalling). 

From my experiences, it's as simple as just changing the filesystem types in /etc/fstab from 'ext3' to 'ext2' and rebooting (if it's your root filesystem or something in use); or simply unmounting it then passing the '-t ext2' option to mount when you remount it.

----------

## arpunk

 *Blue-Steel wrote:*   

> Some tools such as 'shred' allow it 25 times !

 

The secure-delete package (on portage) allows 38 passes  :Smile: 

According to its man page:

```

       The secure data deletion process of sfill goes like this:

       *      1 pass with 0xff

       *      5 random passes. /dev/urandom is used for a secure  RNG  if  available.

       *      27 passes with special values defined by Peter Gutmann.

       *      5  random  passes.  /dev/urandom is used for a secure RNG if available.

```

----------

