# How to wipe (zero) a swap partition and deleted files?

## malern

What's the best way to zero a swap partition after use? This site recommends

```
swapoff /dev/sda2

dd if=/dev/zero of=/dev/sda2
```

Is that a good idea? Will Linux be able to use a completely blank swap partition without having to use mkswap on it again first?

Also, it is my understanding that when a file is deleted it is normally only marked as deleted by the filesystem, the contents aren't actually wiped out. Are there any programs that will let you wipe out the contents (i.e. zero any unused space on the disk)? I've seen programs that will securely delete existing files, but not anything that will sanitise already deleted files.

My main reason for wanting to do this is because I have just installed Gentoo on VMWare and need to compress and send the disk image over the internet. I'm assuming it will compress much more if most of the disk image is just zeros. I'd also rather not leave any unneeded data as part of the image, for security reasons.

----------

## i92guboj

 *malern wrote:*   

> What's the best way to zero a swap partition after use? This site recommends
> 
> ```
> swapoff /dev/sda2
> 
> ...
> ```

Yes, no problem. If you are paranoid, you can use this instead. 

```
swapoff /dev/sda2

dd if=/dev/urandom of=/dev/sda2
```

If you are a real masochist, you can repeat it many times. This is because, at the logical level, if you zero the partition there will be only zeros. But at the physical level, some traces remain, which can be measured and recovered with very specialized equipment. Just in case you are afraid that the NSA is going to invade your home.

 *Quote:*   

> Also, it is my understanding that when a file is deleted it is normally only marked as deleted by the file system, the contents aren't actually wiped out. Are there any programs that will let you wipe out the contents (i.e. zero any unused space on the disk)? I've seen programs that will securely delete existing files, but not anything that will sanitise already deleted files.

It is just unlinked from the file system. Once you do that, the data remains on the hard drive (until it is overwritten) but there is no way it can be accessed via the file system. You can still use a disk editor and dive amongst all your gigabytes searching for known strings or sequences of bytes. If you find something in that editor you can save that data into a file, making it accessible again via the file system.

I know no concrete tool to zero out your free space, but I think that that tool must exist. Sorry.

As you say, there are plenty of tools to wipe out a file while you are erasing it.

----------

## UncleOwen

 *i92guboj wrote:*   

> I know no concrete tool to zero out your free space, but I think that that tool must exist. Sorry.

 

There is. It's called 'dd'. Just write to a new file, until the partition is full (you need to be root to do this).

----------

## i92guboj

Ouch, did not think about that hehe :Laughing:

Wonderful and easy solution :Very Happy:

----------

## Hu

 *malern wrote:*   

> My main reason for wanting to do this is because I have just installed Gentoo on VMWare and need to compress and send the disk image over the internet. I'm assuming it will compress much more if most of the disk image is just zeros. I'd also rather not leave any unneeded data as part of the image, for security reasons.

 

If you did not preallocate the disk, then you are better off not trying to zero the free space.  In such a situation, VMware will allocate the space in a sparse manner, so zeroing sectors which have never been written will force VMware to allocate space for them.

For swap: you need to mkswap it again after you clear it.

----------
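The swap procedure discussed above (swapoff, zero the partition, then mkswap again), as an added example that is not from any poster in this thread. The function names, the constructed demo image, the 4 KiB page size and the reuse of the old UUID via `blkid` and `mkswap -U` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; function names and the demo image are assumptions.
# Swap v2 stores "SWAPSPACE2" in the last 10 bytes of the first page
# (offset 4086 with 4 KiB pages), so zeroing the partition erases it.
PAGE_SIZE=4096

# Exit 0 if $1 (device or image file) still carries a swap signature.
has_swap_sig() {
    sig=$(dd if="$1" bs=1 skip=$((PAGE_SIZE - 10)) count=10 2>/dev/null | tr -d '\000')
    [ "$sig" = "SWAPSPACE2" ]
}

# Overwrite $1 with zeros in place, without truncating or growing it.
zero_target() {
    if [ -b "$1" ]; then size=$(blockdev --getsize64 "$1") || return 1
    else size=$(($(wc -c < "$1"))); fi
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

# swapoff, zero, mkswap again. Needs root on a real device.
# Reusing the old UUID keeps UUID= entries in /etc/fstab working.
wipe_swap() {
    dev=$1
    uuid=$(blkid -s UUID -o value "$dev" 2>/dev/null || true)
    if grep -q "^$dev " /proc/swaps 2>/dev/null; then
        swapoff "$dev" || return 1
    fi
    zero_target "$dev" || return 1
    if [ -n "$uuid" ]; then mkswap -U "$uuid" "$dev"; else mkswap "$dev"; fi
}

# Constructed sample: 8 KiB of 'x' (stale data) plus a swap signature.
make_demo_image() {
    head -c 8192 /dev/zero | tr '\000' 'x' > "$1"
    printf 'SWAPSPACE2' | dd of="$1" bs=1 seek=$((PAGE_SIZE - 10)) conv=notrunc 2>/dev/null
}

# Demo on the constructed image only; for a real partition run as root:
#   wipe_swap /dev/sda2
img=$(mktemp)
make_demo_image "$img"
has_swap_sig "$img" && echo "before: swap signature present"
zero_target "$img"
has_swap_sig "$img" || echo "after: signature gone, mkswap required"
rm -f "$img"
```

The demo touches only a temporary file; `wipe_swap` is defined but never called unless you invoke it yourself.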

## user118696

There is also a coreutils app simply made for this: shred. You may want to try it if you are (as said) paranoid!

----------

## schachti

If you securely delete the contents regularly (for example before powering down), you could also think about encrypting your swap.

Just add

```
swap=crypt-swap
source='/dev/sda3'
options='-c aes-cbc-essiv:sha256 -h sha256 -s 256 -d /dev/urandom'
```

to /etc/conf.d/cryptfs (replace sda3 by your swap partition) and modify the corresponding entry in /etc/fstab to

```
/dev/mapper/crypt-swap none swap sw 0 0
```

(and make sure that AES, SHA256, device mapper support and the crypt support for device mapper are compiled into your kernel).

----------

## malern

Thanks for the advice guys, that's answered all my questions and more, this forum is great!

----------

