Jul 10 17:38 [raw]
WIPE(1) User Commands WIPE(1) NAME wipe - securely erase files from magnetic media DESCRIPTION Recovery of supposedly erased data from magnetic media is easier than what many people would like to believe. A technique called Magnetic Force Microscopy (MFM) allows any moderately funded opponent to recover the last two or three layers of data written to disk; wipe repeatedly overwrites special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access. In normal mode, 34 patterns are used (of which 8 are random). These patterns were recommended in an article from Peter Gutmann (email@example.com‐ land.ac.nz) entitled "Secure Deletion of Data from Magnetic and Solid- State Memory". The normal mode takes 35 passes (0-34). A quick mode allows you to use only 4 passes with random patterns, which is of course much less secure. NOTE ABOUT JOURNALING FILESYSTEMS AND SOME RECOMMENDATIONS (JUNE 2004) Journaling filesystems (such as Ext3 or ReiserFS) are now being used by default by most Linux distributions. No secure deletion program that does filesystem-level calls can sanitize files on such filesystems, because sensitive data and metadata can be written to the journal, which cannot be readily accessed. Per-file secure deletion is better implemented in the operating system. Encrypting a whole partition with cryptoloop, for example, does not help very much either, since there is a single key for all the parti‐ tion. Therefore wipe is best used to sanitize a harddisk before giving it to untrusted parties (i.e. sending your laptop for repair, or selling your disk). Wiping size issues have been hopefully fixed (I apologize for the long delay). Be aware that harddisks are quite intelligent beasts those days. They transparently remap defective blocks. This means that the disk can keep an albeit corrupted (maybe slightly) but inaccessible and unerasable copy of some of your data. Modern disks are said to have about 100% transparent remapping capacity. You can have a look at recent discussions on Slashdot. I hereby speculate that harddisks can use the spare remapping area to secretly make copies of your data. Rising totalitarianism makes this almost a certitude. It is quite straightforward to implement some sim‐ ple filtering schemes that would copy potentially interesting data. Better, a harddisk can probably detect that a given file is being wiped, and silently make a copy of it, while wiping the original as instructed. Recovering such data is probably easily done with secret IDE/SCSI com‐ mands. My guess is that there are agreements between harddisk manufac‐ turers and government agencies. Well-funded mafia hackers should then be able to find those secret commands too. Don't trust your harddisk. Encrypt all your data. Of course this shifts the trust to the computing system, the CPU, and so on. I guess there are also "traps" in the CPU and, in fact, in every sufficiently advanced mass-marketed chip. Wealthy nations can find those. Therefore these are mainly used for criminal investigation and "control of public dissent". People should better think of their computing devices as facilities lended by the DHS.