Security of the hard disc file system / deleted files

[UgoDeschamps]

It always depends on your needs.. If your doing some "illegal" stuff, idd say mechanicly destroy it... as anything that can be used against you... will
as for patent alike program that your working on... depending on the value of code, idd say... cant be too cautious... 1-2 pass would be good...

[kkubasik]

10 passes meets the NSA's required amount for confidential information.. and as they say, if its good enough for the US of A.....

But seriously, no matter how many times its still 'theoreticaly possible' just as time travel is 'theoreticaly possible' if you have 3 overwites, no one without some seri-****ingass equipment is gonna be able to do anyhting, and even then were talking months of work to get maybe the first few lines and some gibberash. Anyone with just a basic software recovery toolset can be thwarted by downloading (or ripping, should you happen to have them) every episode of the brady bunch and just copying them around a bit.

[Juuzzo]

No 007 stuff, single pass overwrite is enough. However those questions on efficiency are bit tough.....good discussion anyway.

Juuzzo

[cthompson]

First thanks for everyone...participated

Has anyone used bcwipe ? Is that freeware or commercial product ? Is the performance better than with discussed “overwrite all empty” script ?

It's freeware for Linux only, just like BestCrypt their other product. Well
since BCWipe is written in C it sure is faster than any kind of script.

I considered also this idea of USB stick as an alternative to avoid the magnetic media. However, with my expertise there is no proof that the files would not finally be written to the disc in some situation (swap, temp, log, crash...) anyway. Also the convenience of using the normal hard disc is important.

Well, temp is easy to fix (tmpfs), swap (you have to set a flag when you start the program to make it never go to swap), log (that shouldn't be a
problem, you just need a program that either doesn't log what you
edit/logging can be disabled/no logging at all), crash (core dumps
can be disabled). Well that's if you need maximum security. Else just wiping the files with bcwipe or shred will do just fine.

Another similar type solution is to keep the confidential data encrypted and shred the decrypted files. However, with my expertise.....the same comments as above.

Yeah, that's another solution, there is loopback encryption for Linux so you can set that up. Alternatively there is BestCrypt (same people as bcwipe and you can share the encrypted containers with the Windows version of BestCrypt). However, on the point of view of maximum security, the magnetic storage problem still exists and furthermore these virtual encrypted filesystems use weak key-lenghts (256, 128 etc...).

Why is then overwriting not efficient on ReiserFS ? As far as I have understood the the file system uses allocation units or tables (are they called inodes) that can actually hold more than one file linked to it.
Inode would not make the file space available as an empty space for shred or cat /dev/urandom > /tempfile; rm /tempfile until all the files (links) to the inode has been deleted.

That would explain why filling the empty space by overwriting may leave some data intact. Am I right ?

How much data could be left in this case ? Are big files always deleted or is there some other criteria how inodes are deleted and filled again – if they are ? Gets bit theoretical, but someone who is deep enough in these things could probably tell.

I think it doesn't have anything to do with ReiserFS in particular, but with journaled filesystems as a whole. Maybe ReiserFS 4 is not affected by this as it is not a journaled filesystem, but uses another technique to achieve integrity of data.

Then couple more words about the magnetic media. Is it absolutely clean if overwritten? At least military tends to destroy mechanically all used magnetic media and not sell them for example after overwriting (not much value anyway).

No, you can never be sure that a magnetic device is absolutely clean. Yes with a magnetic device if you want it to be absolutely clean, then you have to destroy it.