User: Password:
|
|
Subscribe / Log in / New account

What about shred(1)?

What about shred(1)?

Posted Oct 13, 2011 7:34 UTC (Thu) by lemmings (guest, #53618)
In reply to: What about shred(1)? by pr1268
Parent article: Securely deleting files from ext4 filesystems

Yes and no.

With a magnetic hard disk, the writes from shred will overwrite the sectors which contain the data. There is a risk though of copies of the data being left on the platter in the event of bad sector remapping though.

With a SSD, the writes from shred will be to new flash segments. With flash memory, erases and writes are separate operations. A SSD keeps a number of pre-erased segments around which are used to hold new writes whilst the old segments are erased in the background.

At a higher level, depending on what applications manipulate the data, you may also have to watch out for deleted temporary copies of your file. A FS defiling tool (or at a minimum dd if=/dev/zero of=crud; shred -u crud) can help remove those traces.


(Log in to post comments)

What about shred(1)?

Posted Oct 13, 2011 8:57 UTC (Thu) by michaeljt (subscriber, #39183) [Link]

> A FS defiling tool (or at a minimum dd if=/dev/zero of=crud; shred -u crud) can help remove those traces.

Even better if that is build deeper into the filesystem, especially so that it can use the build-in capabilities of SSD drives. Or then again, perhaps not - from the article, "Secure discard handles the deletion internally to the device - perhaps just by marking the relevant blocks unreadable until something else overwrites them - eliminating the need to perform extra I/O from the kernel." Doesn't sound quite as safe as immediately overwriting the space.

What about shred(1)?

Posted Oct 14, 2011 2:41 UTC (Fri) by zlynx (subscriber, #2285) [Link]

An SSD might not securely delete the contents when requested.

On the other hand, it will almost certainly not delete the data if you attempt to delete by overwriting, because of wear leveling.

So going with secure delete/TRIM which will probably work, against overwriting which will probably not work, the choice is clear.

What about shred(1)?

Posted Oct 14, 2011 3:02 UTC (Fri) by raven667 (subscriber, #5198) [Link]

The choice is clear, yes, use full-disk encryption...Tools like shred are probably not worth your time.

key management

Posted Oct 17, 2011 14:19 UTC (Mon) by jpnp (subscriber, #63341) [Link]

So now you've exchanged a media wiping problem for a key management problem, hardly a panacea.

key management

Posted Oct 17, 2011 21:50 UTC (Mon) by raven667 (subscriber, #5198) [Link]

Maybe not a panacea but a far more understandable and tractable problem.

The alternative is storing everything in the clear and then making bad assumptions about how the underlying technology works so that you can try and fail to wipe the data when required because you don't really control or understand the underlying storage.

What about shred(1)?

Posted Oct 13, 2011 18:09 UTC (Thu) by arjan (subscriber, #36785) [Link]

I for one would not be surprised if magnetic disks start to do much more aggressive remapping for the non-bad-sector case to help performance(benchmarks) just in order to compete with SSD's...
so I'd be rather hesitant to declare this "SSD only".

And then there's caches on magnetic disks.. sometimes these are battery/capacitor backed... but they could be flash as well.

The paranoid better encrypt in the higher levels.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds