# dd and secure deletion

## Voorhees51

I've read that you can use `dd if=/dev/urandom` to overwrite files with random stuff.

I'm using this technique since shred does not work on ext3 filesystems.

I want to know how I can specify the file size to stop at. Example:

file.txt is 2M, but when I do

`dd if=/dev/urandom of=file.txt` it just keeps writing stuff until I do Ctrl+C to break it.

Then when I look at the size of file.txt it is like 10M when I stopped it, and I'd assume if I'd let it go that it would keep getting larger and larger.

So my question is, is there a way to specify what size to stop at? As per the example, I want it to stop at 2M, not keep going until I break it.

Any help would be much appreciated -- thanks

----------

## Gherald

`man dd` and look at `ibs=` and `count=`

----------
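The `count=` answer above, worked through as an added example that is not part of the thread (assumed: a POSIX `dd` and `wc`, and a regular file as the argument). The function overwrites a file with random bytes up to its current size and no further: whole 4 KiB blocks first, then the remaining tail, with `conv=notrunc` so `dd` does not truncate the file and then grow it past its old size, which is the behaviour in the question. It only guarantees that the file's logical contents are replaced and its size is unchanged; whether the old physical blocks are gone is the separate question the later posts discuss.

```shell
#!/bin/sh
# Added example, not from the thread: overwrite a file in place with random
# data, stopping at the file's current size instead of running until Ctrl+C.
# Uses only POSIX dd options (bs=, count=, seek=, conv=notrunc).

overwrite_in_place() {
    f=$1
    bs=4096                      # block size for the bulk pass
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }

    size=$(($(wc -c < "$f")))    # arithmetic expansion strips wc's padding
    blocks=$((size / bs))        # whole blocks to write with bs=4096
    rest=$((size % bs))          # leftover bytes written with bs=1

    # conv=notrunc keeps the existing file and writes over its bytes.
    # Without it dd truncates to zero length first, and without count=
    # it then writes until interrupted.
    if [ "$blocks" -gt 0 ]; then
        dd if=/dev/urandom of="$f" bs="$bs" count="$blocks" conv=notrunc 2>/dev/null || return 1
    fi
    if [ "$rest" -gt 0 ]; then
        # seek= is in units of bs (here 1 byte), so skip past the bulk pass
        dd if=/dev/urandom of="$f" bs=1 count="$rest" seek=$((blocks * bs)) conv=notrunc 2>/dev/null || return 1
    fi
    sync                         # push the page cache out to the disk

    # report the final size so the caller can confirm the file did not grow
    wc -c < "$f" | tr -d ' '
}

# usage: overwrite_in_place file.txt   -> prints the unchanged byte count
```

`count=` is counted in units of the input block size (`ibs=`, or `bs=` which sets both), which is why the tail has to be written in a second pass with `bs=1`; a single `bs=1 count=$size` pass would also work but issues one syscall per byte.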

## setagllib

The reason shred doesn't work on ext3 (and presumably other journalling file systems) is because overwriting files does not overwrite them, it writes instructions in the journal and the new data is on a new block somewhere. This is for safe roll-backs and so on. Therefore even dd'ing over data does NOTHING to it that deleting the file itself wouldn't do easier. The data is almost certainly still on the disk somewhere and will be until the rest of the disk space is exhausted and it has to recycle old blocks. At least, that is my understanding, but it's definitely the case for some FSs.

If you want to do this right, encrypt the whole partition using dm-crypt (RAID devices: Device Manager: Crypt Target [y], emerge cryptsetup). Gentoo has no sufficiently simple facility for auto-attaching encrypted devices like NetBSD's cgd does (it has rc scripts to do the job before fstab mounts everything but /) but you can, for instance, use PAM login to automatically attach and mount the volume. The performance is severely reduced but you won't usually notice outside of a benchmark or heavy load situation. If your hard disk is so likely to be stolen, or you want to hide data that will remain private even if the machine is compromised (but detach the crypt target when you do!), this will be very much worth it. Throw some strong crypto on your networking (OpenVPN is highly recommended for this) to really concrete it all.

Here are some Gentoo-centric pages on dm-crypt:

http://gentoo-wiki.com/SECURITY_dmcrypt

http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml

After some practice you'll know how to do it off by heart. As far as encryption algorithms go, I recommend using AES/Rijndael for general use and Serpent for *really* secret data that doesn't need any performance at all. Using Blowfish, while fast, is not a /great/ idea because it is so far slightly more exploitable than AES, but it is of course much much better than nothing. If the implementation of dm-crypt is even half as sensible as cgd, it will use a new key and IV for each block, and hence the privacy damage received from a very lengthy key regression against Blowfish would be very small.

----------

## Voorhees51

So, is there no way to safely erase / delete files from an ext3 partition so they cannot be recovered? I would like to do this before I encrypt the partition, to ensure that they cannot be recovered.

----------

## frostschutz

dd'ing over a file never works, because it won't change the contents of an existing file, but deletes it and creates a new one which is most likely not at the same position. I don't know about shred and ext3, but if it works with ext2, a quick & dirty solution would be to temporarily mount the ext3 partition as ext2, shred the file, and remount it as ext3 again.

----------

## Voorhees51

*frostschutz wrote:*

> dd'ing over a file never works, because it won't change the contents of an existing file, but deletes it and creates a new one which is most likely not at the same position. I don't know about shred and ext3, but if it works with ext2, a quick & dirty solution would be to temporarily mount the ext3 partition as ext2, shred the file, and remount it as ext3 again.

How would I go about mounting it as ext2, shredding it, and then remounting it as ext3?

----------

## Gherald

RTFM.

er, I mean...

```
umount /dev/blah                      # unmount the ext3 filesystem
mount -t ext2 /dev/blah /mnt/point    # mount it as plain ext2 (no journal)
shred /mnt/point/path/to/file         # shred now overwrites the file's blocks in place
umount /dev/blah; mount /dev/blah     # unmount, then remount as ext3 via its fstab entry
```

If it is your root, then boot from a livecd and execute the 2 middle commands... or perhaps you can `mount -o remount -t ext2`, but I do not know if it is possible to change the type when using `-o remount`... my guess would be not.

(often `-o remount` is combined with `,rw` or `,ro` to switch between read-only and read-write, but of course that has nothing to do with what you're doing)

----------

