data shredder
Gilles Gravier
ggravier at fsfe.org
Mon Dec 21 13:39:23 UTC 2009
Hi, Fred!
On 21/12/2009 14:08, Fred Roller wrote:
> Gilles Gravier wrote:
>
>>
>>> The other suggestions are good, and if you want a low-tech solution:
>>>
>>> 1) delete your files with rm as usual
>>> 2) overwrite the empty disk space with zeroes or random data
>>> Use either one of these commands:
>>>
>>> dd if=/dev/zero of=nullfile bs=1M
>>> dd if=/dev/random of=randomfile bs=1M
>>>
>>>
>>>
>> The problem with these commands is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>
>> Gilles.
>>
>>
>>
> Amedee - I am used to the zero/random clearing of disks but not quite
> clear on why you create an empty image. Could you clarify?
>
> Gilles - Interesting point, could you expand on your thoughts? What
> procedure would you use to clear data? Does deleting from an encrypted
> fs (as you mentioned earlier) accomplish this pattern writing?
>
When you store in an encrypted form... in order to delete a file, all
you have to do is forget the key. Then what is left is what was there
when the file was there, encrypted, i.e. random junk. Since it's
impossible to reverse most modern encryption algorithms (AES, for
example). That's what the ephemerizer does to provide assured delete. It
stores one key per file and when you tell it to delete the file... it
deletes the key. :)
As for pattern writing, there are tools to do that. Quoting from this
page: http://www.fileshredderpro.com/shredding-algorithms.html there
are several algorithms to choose from:
- /Fast (1 pass)/
The fastest shredding algorithm. Your data is overwritten with zeroes.
- /British HMG IS5 (Baseline) (1 pass)/
Your data is overwritten with zeroes with verification.
- /Russian GOST P50739-95 (2 passes)/
GOST P50739-95 shredding algorithm calls for a single pass of zeroes
followed by a single pass of random bytes.
- /British HMG IS5 (Enhanced) (3 passes)/
British HMG IS5 (Enhanced) is a three pass overwriting algorithm: first
pass - with zeroes, second pass - with ones and the last pass with
random bytes (last pass is verified).
- /US Army AR380-19 (3 passes)/
AR380-19 is a data shredding algorithm specified and published by the U.S.
Army. AR380-19 is a three pass overwriting algorithm: first pass - with
random bytes, second and third passes with certain bytes and with their
complement (with last pass verification).
- /US Department of Defense DoD 5220.22-M (3 passes)/
DoD 5220.22-M is three pass overwriting algorithm: first pass - with
zeroes, second pass - with ones and the last pass with random bytes.
With all passes verification.
- /the US Department of Defense DoD 5220.22-M (E) (3 passes)/
DoD 5220.22-M (E) is three pass overwriting algorithm: first pass - with
certain bytes, second pass - with its complement and the last pass -
with random bytes.
- /NAVSO P-5239-26 (RLL)/
NAVSO P-5239-26 (RLL) is three pass overwriting algorithm with last pass
verification.
- /NAVSO P-5239-26 (MFM)/
NAVSO P-5239-26 (MFM) is three pass overwriting algorithm with last pass
verification.
- /the US Department of Defense DoD 5220.22-M(ECE) (7 passes)/
DoD 5220.22-M(ECE) is a seven pass overwriting algorithm: first and second
passes - with certain bytes and with their complement, then two passes
with random character, then two passes with character and its complement
and the last pass - with random character.
- /Canadian RCMP TSSIT OPS-II (7 passes)/
RCMP TSSIT OPS-II is seven pass overwriting algorithm with three
alternating patterns of zeroes and ones and the last pass - with random
character (with last pass verification).
- /German VSITR (7 passes)/
The German standard calls for each sector to be overwritten with three
alternating patterns of zeroes and ones and in the last pass with character.
- /Bruce Schneier (7 passes)/
The Bruce Schneier shredding algorithm has seven passes: first pass -
with ones, the second pass - with zeroes and then five times with random
characters.
- /Peter Gutmann (35 passes)/
Peter Gutmann shredding algorithm has 35 passes.
Of course, I would not use the 1 pass fast or British algorithms... I
would pick the /DoD 5220.22-M (3 passes)/ at minimum.
Gilles.
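As an added example (not code from the list message or from the fileshredderpro page), the DoD 5220.22-M and GOST schedules above implemented as chunked, verified overwrite passes over a file, followed by unlinking. The 0x55 pattern byte for the DoD 5220.22-M (E) schedule and the hash-based per-pass verification are my assumptions, since the page does not say which "certain bytes" those standards use.

```python
import hashlib, os, secrets, tempfile

CHUNK = 1 << 20  # work in 1 MiB chunks so large files need not fit in memory

# Pass schedules as listed above: a fixed byte, its complement, or random data.
DOD_5220_22_M = [("fixed", 0x00), ("fixed", 0xFF), ("random", None)]
DOD_5220_22_M_E = [("fixed", 0x55), ("complement", 0x55), ("random", None)]  # 0x55 assumed
GOST_P50739_95 = [("fixed", 0x00), ("random", None)]


def _pattern(kind, value, n):
    """Return n bytes of the requested pass pattern."""
    if kind == "fixed":
        return bytes([value]) * n
    if kind == "complement":
        return bytes([value ^ 0xFF]) * n
    if kind == "random":
        return secrets.token_bytes(n)
    raise ValueError(f"unknown pass kind: {kind}")


def overwrite_passes(path, passes):
    """Overwrite `path` in place once per pass; verify each pass by comparing a hash of
    what was written with a hash of what reads back. Only reaches the old blocks on a
    non-journaled, non-copy-on-write filesystem on a magnetic disk (SSD wear levelling
    and snapshots keep extra copies the overwrite never touches)."""
    size = os.path.getsize(path)
    results = []
    for kind, value in passes:
        written = hashlib.sha256()
        with open(path, "r+b") as f:
            for offset in range(0, size, CHUNK):
                chunk = _pattern(kind, value, min(CHUNK, size - offset))
                f.write(chunk)
                written.update(chunk)
            f.flush()
            os.fsync(f.fileno())  # push the pass to the device before verifying it
        read_back = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(CHUNK), b""):
                read_back.update(chunk)
        results.append(read_back.digest() == written.digest())
    return results


def demo(passes=DOD_5220_22_M):
    """Shred a constructed temp file; return (per-pass verification, bytes after last pass)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed secret document contents\n" * 3000)  # constructed sample data
    results = overwrite_passes(path, passes)
    with open(path, "rb") as f:
        final = f.read()
    os.remove(path)  # unlink only after every pass has been written and verified
    return results, final
```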