Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Does this mean that using shred -u on files on an Ext4 FS are in vain?
What about shred(1)?
Posted Oct 13, 2011 6:56 UTC (Thu) by djwong (subscriber, #23506)
Posted Oct 13, 2011 7:34 UTC (Thu) by lemmings (subscriber, #53618)
With a magnetic hard disk, the writes from shred will overwrite the sectors which contain the data. There is a risk though of copies of the data being left on the platter in the event of bad sector remapping though.
With a SSD, the writes from shred will be to new flash segments. With flash memory, erases and writes are separate operations. A SSD keeps a number of pre-erased segments around which are used to hold new writes whilst the old segments are erased in the background.
At a higher level, depending on what applications manipulate the data, you may also have to watch out for deleted temporary copies of your file. A FS defiling tool (or at a minimum dd if=/dev/zero of=crud; shred -u crud) can help remove those traces.
Posted Oct 13, 2011 8:57 UTC (Thu) by michaeljt (subscriber, #39183)
Even better if that is build deeper into the filesystem, especially so that it can use the build-in capabilities of SSD drives. Or then again, perhaps not - from the article, "Secure discard handles the deletion internally to the device - perhaps just by marking the relevant blocks unreadable until something else overwrites them - eliminating the need to perform extra I/O from the kernel." Doesn't sound quite as safe as immediately overwriting the space.
Posted Oct 14, 2011 2:41 UTC (Fri) by zlynx (subscriber, #2285)
On the other hand, it will almost certainly not delete the data if you attempt to delete by overwriting, because of wear leveling.
So going with secure delete/TRIM which will probably work, against overwriting which will probably not work, the choice is clear.
Posted Oct 14, 2011 3:02 UTC (Fri) by raven667 (subscriber, #5198)
Posted Oct 17, 2011 14:19 UTC (Mon) by jpnp (subscriber, #63341)
Posted Oct 17, 2011 21:50 UTC (Mon) by raven667 (subscriber, #5198)
The alternative is storing everything in the clear and then making bad assumptions about how the underlying technology works so that you can try and fail to wipe the data when required because you don't really control or understand the underlying storage.
Posted Oct 13, 2011 18:09 UTC (Thu) by arjan (subscriber, #36785)
And then there's caches on magnetic disks.. sometimes these are battery/capacitor backed... but they could be flash as well.
The paranoid better encrypt in the higher levels.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds