On Thursday 17 December 2009 12:47:23 Albert Hopkins wrote:
> On Thu, 2009-12-17 at 11:42 +0000, Mick wrote:
> > shred ... shreds files. Therefore you may need to point it to the
> > files in question for it to work.
>
> No. This is horribly wrong. Please don't tell people this.

It's not entirely wrong. Shred will wipe a file that you ask it to, or a
device that you point it to.

> The problem with just shredding files is thus:
>
>   * I have a file with very sensitive data, it occupies blocks x-y
>     on my hard drive.
>   * I later delete that file, in the OS it just gets unlinked().
>     If there are no more links to that file then it's considered
>     deleted, however the data is still there.
>   * Out of sheer "luck" blocks x-y are never reallocated. The data
>     remains on that block.
>   * I go to shred every file on the filesystem. Blocks x-y never get
>     shredded because they are not linked to a file.
>   * I give my laptop to someone. They run a tool as simple as
>     foremost(1) on the drive. Bingo! Sensitive data found.

Of course! Sorry for giving at least partially incorrect advice. :-(

> Your comment about shredding devices... how long have you been using
> *nix man?

Long enough to have forgotten most I've learned about it. ha, ha!

32 |
shred -v -n 25 -z /dev/sda |
33 |
|
34 |
will do the desired overwritting 25 times. dd will do the same, reruns will |
35 |
have to be done manually or via a script. DBAN seems to be the best tool |
36 |
available to do this job and it will from now be part of my arsenal of useful |
37 |
tools. Some useful info here: |
38 |
|
39 |
http://www.digitalissues.co.uk/html/os/misc/shred.html |
40 |
-- |
41 |
Regards, |
42 |
Mick |
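
Added example, not part of the original message: a toy model of the scenario in the quoted list, showing that overwriting every linked file leaves an unlinked file's blocks readable on the raw device, while overwriting the whole device does not. The `ToyDisk` class, the 16-byte block size, the file names and the sample secret are all constructed for illustration; this is not a real filesystem and does not call shred.

```python
import os

BLOCK = 16  # toy block size in bytes (assumption for the model)

class ToyDisk:
    def __init__(self, nblocks):
        self.raw = bytearray(BLOCK * nblocks)  # what a carving tool reads
        self.files = {}                        # name -> list of block numbers
        self.free = list(range(nblocks))       # unallocated block numbers

    def write(self, name, data):
        blocks = []
        for i in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[i:i + BLOCK].ljust(BLOCK, b"\0")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
            blocks.append(b)
        self.files[name] = blocks

    def unlink(self, name):
        # Deleting drops the name only; the blocks return to the free
        # list with their old contents untouched.
        self.free.extend(self.files.pop(name))

    def shred_file(self, name):
        # Overwrites only the blocks still linked to this name.
        for b in self.files[name]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)

    def shred_device(self):
        # Models the end state of a whole-device wipe with a final zero
        # pass: every block is overwritten, linked or not.
        self.raw[:] = bytes(len(self.raw))

def carve(disk, needle):
    """Scan the raw device for a byte pattern, ignoring the file table."""
    return needle in bytes(disk.raw)

def demo():
    secret = b"SENSITIVE-DATA-1"            # constructed sample data
    d = ToyDisk(8)
    d.write("notes.txt", b"nothing to see")
    d.write("secret.txt", secret)
    d.unlink("secret.txt")                  # "deleted", blocks never reused
    for name in list(d.files):              # shred every file that still exists
        d.shred_file(name)
    after_file_shred = carve(d, secret)     # secret still on the raw device
    d.shred_device()
    after_device_shred = carve(d, secret)   # gone after the whole-device wipe
    return after_file_shred, after_device_shred
```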