| 1 |
On Thursday 17 December 2009 12:47:23 Albert Hopkins wrote: |
| 2 |
> On Thu, 2009-12-17 at 11:42 +0000, Mick wrote: |
| 3 |
> > shred ... shreds files. Therefore you may need to point it to the |
| 4 |
> > files in question for it to work. |
| 5 |
|
| 6 |
> No. This is horribly wrong. Please don't tell people this. |
| 7 |
|
| 8 |
It's not entirely wrong. Shred will wipe a file that you ask it to, or a |
| 9 |
device that you point it to. |
| 10 |
|
| 11 |
> The problem with just shredding files is thus: |
| 12 |
> |
| 13 |
> * I have a file with very sensitive data, it occupies blocks x-y |
| 14 |
> on my hard drive. |
| 15 |
> * I later delete that file, in the os it just get's unlinked(). |
| 16 |
> If there are no more links to that file then it's considered |
| 17 |
> deleted, however the data is still there. |
| 18 |
> * Out of sheer "luck" blocks x-y are never reallocated. The data |
| 19 |
> remains on that block. |
| 20 |
> * I go to shred every file on the filesystem. Blocks x-y never get |
| 21 |
> shredded because they are not linked to a file. |
| 22 |
> * I give my laptop to someone. They run a tool as simple as |
| 23 |
> formost(1) on the drive. Bingo! Sensitive data found. |
| 24 |
|
| 25 |
Of course! Sorry for giving at least partially incorrect advice. :-( |
| 26 |
|
| 27 |
> Your comment about shredding devices... how long have you been using |
| 28 |
> *nix man? |
| 29 |
|
| 30 |
Long enough to have forgotten most I've learned about it. ha, ha! |
| 31 |
|
| 32 |
shred -v -n 25 -z /dev/sda |
| 33 |
|
| 34 |
will do the desired overwritting 25 times. dd will do the same, reruns will |
| 35 |
have to be done manually or via a script. DBAN seems to be the best tool |
| 36 |
available to do this job and it will from now be part of my arsenal of useful |
| 37 |
tools. Some useful info here: |
| 38 |
|
| 39 |
http://www.digitalissues.co.uk/html/os/misc/shred.html |
| 40 |
-- |
| 41 |
Regards, |
| 42 |
Mick |
Archives