
Re: ext3 and secure deletion of files and file slack

On Fri, 8 Nov 2002 17:25:04 +0000
"Stephen C. Tweedie" <sct redhat com> wrote:

> > Can anyone please tell me if I am right in assuming that ext3
> > does not care about file slack?
> What do you mean, exactly?

Always a good question :)

I had in mind the situation in which files have been deleted but
their contents have not been overwritten - I do appreciate that
Big Powerful Agencies can see past that, but I don't believe I am
on their List of Suspects.

My concern is that I have accumulated a good
deal of my clients' data (some of it in the form of emails to and
from me), on this machine, whose location is not exactly Fort
Knox.  I can use a secure deletion utility (like fwipe) on future
files I create but (a) there is a legacy of old deleted files,
(b) I am not sure how I could use something like that on, e.g., an
individual email deleted by my MUA (which happens to be
sylpheed).  What I have in my (possibly naive and uninformed)
mind is a "sledgehammer" to run from time to time which will
simply overwrite all space on a given partition that is not
presently marked as containing live files.  I hoped that sfill
would do that for me.

Since writing my last post I have compiled secure_delete - it is
in fact about 2 years old now and took a good deal of googling to
find. I am going to put the sfill manpage below.  sfill.c is
actually quite short (about 10k), but I won't clutter the
list with it unless someone asks me to.



       sfill  -  secure  free  diskspace  wiper  (secure_deletion

       sfill [-f] [-l] [-l] [-v] directory/mountpoint

       sfill is designed to delete data which lies  on  available
       diskspace  on  mediums in a secure manner which can not be
       recovered by thiefs, law  enforcement  or  other  threats.
       The  wipe algorythm is based on the paper "Secure Deletion
       of Data from Magnetic and Solid-State Memory" presented at
       the 6th Usenix Security Symposium by Peter Gutmann, one of
       the leading civilian cryptographers.

       The secure data deletion process of sfill goes like this:

       *      1 pass with 0xff

       *      5 random passes. /dev/urandom is used for a  secure
              RNG if available.

       *      27 passes with special values defined by Peter Gut-

       *      5 random passes. /dev/urandom is used for a  secure
              RNG if available.

       -f     fast  (and insecure mode): no /dev/urandom, no syn-
              chronize mode.

       -l     lessens the security. Only two passes are  written:
              one  mode  with  0xff  and a final mode with random

       -l     -l for a second  time  lessons  the  security  even
              more: only one random pass is written.

       -v     verbose mode

       directory/mountpoint this is the location of the file cre-
       ated in your filesystem. It should lie  on  the  partition
       you want to write.

       NFS    Beware  of  NFS.  You  can't ensure you really com-
              pletely wiped your data from the remote disks.

       Raid   Raid Systems use stripped disks and have got  large
              caches. It's hard to wipe them.

       swap   Some  of  your  data  might  have  a  copy  in your
              swapspace.  sswap is available for this task.
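
The "sledgehammer" described in the message, using the two-pass sequence the quoted manpage lists for a single -l, as an added C example that is not part of the original post and is not sfill's source. The byte cap argument and the scratch-file name are assumptions added so it can be tried safely on a small amount of space.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CHUNK 65536

/* One pass: fill a scratch file in dir until the filesystem is full (ENOSPC)
 * or cap bytes are written (cap <= 0: no cap; the cap is an assumption added
 * for safe trial runs). Returns bytes written, or -1 on error. */
long long wipe_pass(const char *dir, int random_pass, long long cap) {
    static unsigned char buf[CHUNK];
    char path[4096];
    long long total = 0;
    int rnd = -1, ok = 1;
    snprintf(path, sizeof path, "%s/wipe-XXXXXX", dir);
    int fd = mkstemp(path);                 /* hypothetical scratch-file name */
    if (fd < 0) return -1;
    if (random_pass && (rnd = open("/dev/urandom", O_RDONLY)) < 0) ok = 0;
    memset(buf, 0xff, sizeof buf);

    while (ok && (cap <= 0 || total < cap)) {
        size_t want = CHUNK;
        if (cap > 0 && cap - total < CHUNK) want = (size_t)(cap - total);
        if (random_pass && read(rnd, buf, want) != (ssize_t)want) { ok = 0; break; }
        ssize_t n = write(fd, buf, want);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == ENOSPC) break;   /* disk full: pass complete */
        if (n <= 0) { ok = 0; break; }
        total += n;
    }
    /* Force the data to disk before the blocks are released again. */
    if (fsync(fd) != 0) ok = 0;
    close(fd);
    if (rnd >= 0) close(rnd);
    unlink(path);
    return ok ? total : -1;
}

/* Two passes, 0xff then random, as the manpage lists for a single -l. */
int wipe_free_space(const char *dir, long long cap) {
    return (wipe_pass(dir, 0, cap) < 0 || wipe_pass(dir, 1, cap) < 0) ? -1 : 0;
}

int main(int argc, char **argv) {
    return (argc == 2 && wipe_free_space(argv[1], 0) == 0) ? 0 : 1;
}
```

A fill like this only reaches blocks the filesystem will hand to the calling user: slack in the last block of live files, the ext3 journal, and root-reserved blocks (when run as a normal user) are not overwritten.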