Any way to secure-erase a file?

[ax0n]

Is there any way to securely erase a file in place with newLISP?  I mean, a way to access the actual blocks on the device to make sure that you are over-writing the location where the file was stored, instead of simply making a new file with the same time?

[Lutz]

this utiity would write random characters into the file before deleting it, the script also checks for the existence of the file.

Code Select Expand

#!/usr/bin/newlisp

(set 'file (main-args 2))

(if (file? file)
    (set 'size (file-info file 0))
    (exit))

(set 'handle (open file "update"))
(for (i 0 size)
    (write-char handle (rand 255)))
(close handle)

(delete-file file)

(exit)


Lutz

[nigelbrown]

Actually wiping data can be quite complex e.g. see http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/">http://www.usenix.org/publications/libr ... s/gutmann/">http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ . And smart drives with cache and file systems that will sideline old data and write a new block under some conditions are problematical.

It depends on how secure you want to put the effort in to become.

Maybe call a proven utility to do it.

Nigel

[ax0n]

Actually wiping data can be quite complex e.g. see http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/">http://www.usenix.org/publications/libr ... s/gutmann/">http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ . And smart drives with cache and file systems that will sideline old data and write a new block under some conditions are problematical.

It depends on how secure you want to put the effort in to become.

Maybe call a proven utility to do it.

Nigel

I know the problems, it's kind of why I asked.  Simply writing data to a file before erasing won't always overwrite the physical location on the disk.  Matter of fact, it usually won't overwrite those blocks, it will just write the file out wherever convenient and change the catalog to match.



I have a whole host of "wipe" utilities at my disposal.

[cormullion]

well this is probably over my head, but there's srm on MacOS X:

Code Select Expand

(exec "srm /Users/me/Desktop/secret.txt")

There's some fun-looking options -

Code Select Expand


-m, --medium
              overwrite the file with 7 US DoD compliant passes  (0xF6,  0x00,              0xFF, random, 0x00, 0xFF, random)

I just wish I had something secret enough to be worth deleting so completely. :-)

[ax0n]

That's nice, I'm actually using OS X most of the time.  I didn't realize it had that feature.  And actually Wietse Venema (I think it was him) said that absolutely no software could ever recover data that was simply overwritten one time.  Data recovery methods beyond that scale have to occur on an electron microscope.



In the other thread I've been posting in, you can see that I'm dealing with cryptography (simple, but cryptography all the same).  So it's not that I have anything to hide or worth hiding, however, remnants of the files related to the encryption can create a vulnerability if recovered from media.

[nigelbrown]

however, remnants of the files related to the encryption can create a vulnerability if recovered from media.

Perhaps you could use newlisp to generate a few thousand decoy files ( a few hundred megs total to flood disk cache) then delete them so that the deleted remnants are buried in the deleted dross. A bit like "Chaffing and Winnowing: Confidentiality without Encryption" http://theory.lcs.mit.edu/~rivest/chaffing.txt">http://theory.lcs.mit.edu/~rivest/chaffing.txt .



Nigel

[newdep]

It all depends on your Filesystem type..



In some unix environments you dont want to try and recover lost files

because the OS already took care of reassigning the I-nodes that came free..(I-nodes are the main key here, thats why recovering files on i.e. Linux ext2 ext3 is a hard thing to do..)



So perhaps you dont even need to cover them up after all ;-)