Please read http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf
I think it's time to stop propagating the Guttman lies. Overwriting more than once does not help. Paul 'WEiRD' de Weerd On Wed, Jul 25, 2012 at 10:01:13AM -0500, Todd T. Fries wrote: | Penned by Christian Weisgerber on 20120725 9:37.07, we have: | | Ted Unangst <t...@tedunangst.com> wrote: | | | | > So I'm wiping a file from a fairly slow USB stick and it's taking | | > forever. I don't really give a shit about some guy with a quantum | | > tachyon microscope taking it apart, | | | | But if you do, overwriting with a constant pattern is stupid. You | | want to overwrite the old data with random bytes, effectively running | | a stream cipher on any remnant signal. | | | | (And forget about this with flash media, where you each write to | | the same logical block may end up in different physical blocks.) | | | | > I just want the files to be gone | | > enough that a simple undelete tool won't bring them back. The three | | > wipes is the charm approach of rm -P is a little heavy handed. | | > | | > What I propose is making -P wipe the file once each time it's | | > provided. I get the simple whack the data for good option I want, the | | > paranoid weirdos get the rm `jot -b -P 4096` scrubber they want. | | | | Replace the memset() in pass() with arc4random_buf() and I'm starting | | to like it. | | There is a paper entitled "Secure Deletion of Data from Magnetic and Solid-State Memory" | from the Sixth (6th) Annual USENiX Security Symposium that talks about this. | | For the extreme bit twiddling bunch, the recommendation is to use 35 rounds. | 1-4 using /dev/arandom | 5-31 using Guttman's deterministic patterns | 32-35 using /dev/arandom again | | I've seen diffs proposed to do this in 'rm' before introduce another flag. | | I could easily see how we could do parts of the above until 35 -P's are given. | | Also, consider the ramdisks, and make -P become something that is not compiled | `#ifdef SMALL'. | | One could, alternately, provide a 'secrm' alias to call some other tool to do | the bit wiping and finally call rm. | | I won't complain what happens either way, but I would be rather pleased if something | of the Guttman's recommondations could be incorporated for high counts of -P. | | Thanks, | -- | Todd Fries .. t...@fries.net | | _____________________________________________ | | \ 1.636.410.0632 (voice) | | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | | 2525 NW Expy #525, Oklahoma City, OK 73112 \ sip:freedae...@ekiga.net | | "..in support of free software solutions." \ sip:4052279...@ekiga.net | \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ | | 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A | http://todd.fries.net/pgp.txt | -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/
