data shredder
Kent Borg
kentborg at borg.org
Mon Dec 21 17:36:30 UTC 2009
Gilles Gravier wrote:
> The problem with these commands is that you're not really helping...
> Forensics tools will read below one or more levels of re-write.
Yes, you are helping.
Also, it depends on who you are worried about.
If you are a normalish person who isn't in the sights of a motivated and
well funded foe, a single pass of quality random data is going to be
quite secure. Particularly if you layer it with some other discipline:
1. Run whole disk encryption, Ubuntu will do that for you (though I
think you need to use the alternate install disc). Regularly wiping
unused space inside an encrypted volume is going to make recovery a
significant problem for anyone. Make sure your swap is also encrypted.
Keep your computer physically secure: /boot will still be unencrypted so
you need to trust that /boot hasn't been tampered with.
2. Use quality passwords (don't dream up something clever that you think
is random, instead think up a password choosing *method*, something that
incorporates actually random input and start flipping real coins). Make
sure they are long enough. If someone casually watching you type your
password doesn't make a funny face because it is so long--it isn't long
enough.
3. Never reuse passwords you care about on different systems.
4. Never type important passwords on keyboards you don't trust and
mostly don't trust many keyboards. Don't trust Bluetooth keyboards,
don't trust keyboards on computers in hotels and airports and cyber
cafes, don't trust your mother's computer, don't trust "your" computer
at work, and don't trust computers running any Microsoft software.
5. Don't let untrusted software run on your computer. Stick to open
source software (not Skype), use mainstream software that others will be
worried about too, keep your installation minimal, never use proprietary
device drivers, keep your software up to date. Spyware, spyware,
spyware: If someone can get you to give away your passwords then all
your other efforts are worthless. Assume all commercial software is
spyware (what will company X do when asked by the feds for backdoor
access? Particularly when some Patriot Act provision threatens them
with jail for even sneezing wrong).
6. Write down your passwords. If you don't keep a list you can't both
use quality passwords and never recycle them--it is impossible to
remember that many quality passwords. Go ahead and encrypt the list, or
use bad handwriting and do some mangling that will make it not so useful
for someone who might find it. Keep a backup copy of the list so you can
go change all your passwords if the primary list gets lost. Don't
photocopy a physical list on a digital copier (and they all are digital
these days), keep it up-to-date by hand.
7. Make sure your data backups are as secure as your working copy.
8. Figure out what I missed in these points that might apply in your
situation: Think about all the weak links.
Does that sound like an excessively paranoid list?
Unless you cover all the other ways your data can get out, the least of
your worries is some slow, laborious, and expensive magnetic microscopic
reading through dozens or hundreds of gigabytes of overwritten data. I
can't believe it is easy to recover old data on modern disks of dizzying
data density. And you probably just aren't worth that kind of effort.
Though you might be worth quietly installing a little software that
records what you type on your keyboard, including your passwords. You
might be worth forcing Google to give up your gmail password and forcing
your bank to give up your online banking password and trying those
passwords on your encrypted data.
Figure out how paranoid you want to be, then think through all the
implications. (A fancy lock on your front door doesn't mean much alone,
consider all the other ways into your house.) Don't fixate on one little
technology, or you risk having your foes just step around it.
-kb, the Kent who recently wrote a much faster yet simple random number
generator in Python* specifically so wiping empty space will be practical.
* No, I didn't write any cryptographic primitives, mostly no one
slightly normal ever should, instead I combined /dev/urandom with
AES-256 encryption and a high resolution timestamp to pump out random
data much faster than /dev/urandom or /dev/random, yet it should be damn
high quality--that is if AES-256 and /dev/urandom are secure, and if I
didn't do anything stupid.
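As an added illustration of the design sketched in the footnote (a seed taken from /dev/urandom and a high-resolution timestamp, expanded by a keyed primitive into a fast stream, which is then written into a file until the filesystem is full and the file deleted), here is a small stdlib-only Python version. It is not Kent's generator and is not part of the original post. It swaps SHAKE-256 from hashlib in for his AES-256 so that it needs no third-party library; the function names, the 1 MiB chunk size and the `max_bytes` cap (there so the run can be bounded for testing) are choices made for this example.

```python
import errno
import hashlib
import os
import struct
import tempfile
import time
from typing import Iterator, Optional, Tuple

CHUNK = 1 << 20  # 1 MiB per expansion call (size chosen for this example)


def make_seed(extra: bytes = b"") -> bytes:
    """Seed = 32 bytes from /dev/urandom, a high-resolution timestamp, and
    any caller-supplied bytes, mirroring the mix described in the footnote."""
    return os.urandom(32) + struct.pack("<Q", time.perf_counter_ns()) + extra


def random_stream(seed: bytes, chunk_size: int = CHUNK) -> Iterator[bytes]:
    """Expand the seed into an endless stream, one chunk per counter value.

    SHAKE-256 stands in for AES-256-CTR as the keyed expander so that the
    example runs on the standard library; the structure is the same:
    output_i = PRF(seed || i).  Predicting the stream means recovering the
    seed, which only /dev/urandom and the clock ever knew.
    """
    counter = 0
    while True:
        xof = hashlib.shake_256(seed + struct.pack("<Q", counter))
        yield xof.digest(chunk_size)
        counter += 1


def stream_prefix(seed: bytes, n: int) -> bytes:
    """Return the first n bytes of the stream for this seed."""
    out = bytearray()
    stream = random_stream(seed)
    while len(out) < n:
        out += next(stream)
    return bytes(out[:n])


def wipe_free_space(directory: str, seed: bytes,
                    max_bytes: Optional[int] = None) -> int:
    """Fill free space under `directory` with stream bytes, then delete the file.

    Writes until the filesystem reports ENOSPC (or until `max_bytes`, a cap
    added for testing, is reached).  Returns the number of bytes written.
    """
    path = os.path.join(directory, ".wipe-free-space.tmp")
    written = 0
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        full = False
        for block in random_stream(seed):
            if max_bytes is not None:
                block = block[: max_bytes - written]
                if not block:
                    break
            view = memoryview(block)
            while view and not full:
                try:
                    n = os.write(fd, view)  # os.write may write only part of view
                except OSError as exc:
                    if exc.errno == errno.ENOSPC:
                        full = True
                        break
                    raise
                written += n
                view = view[n:]
            if full:
                break
        try:
            os.fsync(fd)  # push the overwrite to the device before unlinking
        except OSError as exc:
            if exc.errno != errno.ENOSPC:  # a full disk can fail fsync too
                raise
    finally:
        os.close(fd)
        os.unlink(path)
    return written


def demo_wipe(max_bytes: int) -> Tuple[int, int]:
    """Run a capped wipe in a scratch directory; return (bytes written,
    files left behind).  A real run passes the mount point and no cap."""
    with tempfile.TemporaryDirectory() as scratch:
        written = wipe_free_space(scratch, make_seed(), max_bytes)
        leftover = len(os.listdir(scratch))
    return written, leftover


if __name__ == "__main__":
    print(demo_wipe(3 * CHUNK + 17))  # (3145745, 0)
```

Run without a cap against the mount point you mean to clean, and expect the filesystem to sit at zero free space for the duration, which other processes will notice. Two caveats that the post's "single pass of quality random data" argument does not cover: flash and SSDs remap worn blocks, so an overwrite through the filesystem never reaches every copy of old data, and journaling or copy-on-write filesystems keep their own copies in the journal or in snapshots that a free-space fill does not touch; full-disk encryption from day one, as point 1 above recommends, is what makes those leftovers harmless.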