Hi,

On Wed, Dec 23, 2009 at 03:21:31PM +0100, Thibaut Paumard wrote:
>
> On 23 Dec. 09 at 13:44, Osamu Aoki wrote:
>
>> (Just think about photo collection in ext2 disk. You erase some
>> photos there but usually file contents stay on the storage media.)

I should add "without any effort to overwrite them."

> yes and no. Indeed, the MS Windows tool used instead of zerofree is
> sdelete, a secure delete tool to make it really hard to undelete
> sensitive information.

That is for vfat or ntfs, I guess.

> On the other hand, my understanding is that it is not enough to zero the
> disk once. You have to write several times to really make professionals
> unable to retrieve erased data. so "dd if=/dev/random of=junk ... ; rm
> junk" several times looks like a much safer option to me.

Oh no. Not with /dev/random. Too slow. Please use /dev/urandom for that.

> Of course, zeroing once is enough to prevent most of your friends from
> undeleting your secret diary notes. For that matter, most of your
> friends wouldn't be able to retrieve the "sensitive" data even if only
> rm has been used.

True, but you do not need to be an expert to do so. There are tools to get data from a hard disk, as I checked in our archive:

http://www.debian.org/doc/manuals/debian-reference/ch10.en.html#_data_file_recovery_and_forensic_analysis

recover and e2undel ... they seem quite easy to use. They look like the old MS-DOS undel. (MS-DOS was only changing the first byte of the file name in the FAT table to an unreadable one to mark files as erased. Thus the undel command was easy to make.)

Please enlighten me. I understand zerofree does something similar to e2undel by looking at the ext2 filesystem and finding deleted file contents. Instead of undeleting the file, it overwrites the old file content with zeros. It is not checking that all unused disk contents are zero, and that is why it is fast. Am I right?

Then it gives good enough protection quickly ... This was my thought.

Osamu

PS: With special high profile tools that can read patterns in magnetic media, harddisk erase can be done on such quick zeroing. But it is known to be non-trivial.
The same goes with USB flash devices, where the internal device is not overwriting data even if you tell it to do so from the Linux side, because of their wear leveling feature. So someone with special back door access to the device can read such data. I think that kind of security is a different game and not worth my time :-)
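
The two mechanisms discussed in this message (a delete that only flags the directory entry, and a pass that zeroes only freed blocks) can be shown on a toy model. This is an added example, not part of the original e-mail and not zerofree's or undel's code; `ToyVolume`, the 512-byte cluster size, the contiguous file layout and the sample file are assumptions made for illustration.

```python
import struct

CLUSTER = 512      # toy cluster size (assumption)
DELETED = 0xE5     # FAT marker written over the first name byte on delete

class ToyVolume:
    """Constructed model: one FAT-style directory entry plus data clusters."""
    def __init__(self, nclusters=8):
        self.data = bytearray(nclusters * CLUSTER)
        self.used = [False] * nclusters    # stand-in for the allocation table
        self.entry = bytearray(32)         # 32-byte 8.3 directory entry

    def _span(self):
        start, = struct.unpack_from("<H", self.entry, 26)  # first cluster
        size, = struct.unpack_from("<I", self.entry, 28)   # size in bytes
        return start, size, range(start, start + -(-size // CLUSTER))

    def write_file(self, name, start, content):
        self.entry[0:11] = name.ljust(11).encode("ascii")
        struct.pack_into("<H", self.entry, 26, start)
        struct.pack_into("<I", self.entry, 28, len(content))
        self.data[start * CLUSTER:start * CLUSTER + len(content)] = content
        for c in self._span()[2]:
            self.used[c] = True

    def delete(self):
        """Plain delete: flag the entry and free the clusters, nothing more."""
        self.entry[0] = DELETED
        for c in self._span()[2]:
            self.used[c] = False

    def undelete(self):
        """Undel-style recovery from the surviving start cluster and size."""
        start, size, _ = self._span()
        return bytes(self.data[start * CLUSTER:start * CLUSTER + size])

    def zero_free(self):
        """Zero only the free clusters that still hold non-zero data."""
        wiped = 0
        for c, in_use in enumerate(self.used):
            lo, hi = c * CLUSTER, (c + 1) * CLUSTER
            if not in_use and any(self.data[lo:hi]):
                self.data[lo:hi] = bytes(CLUSTER)
                wiped += 1
        return wiped

if __name__ == "__main__":
    vol = ToyVolume()
    vol.write_file("DIARY   TXT", 2, b"secret diary " * 60)  # constructed sample
    vol.delete()
    print(vol.undelete()[:13], vol.zero_free(), vol.undelete()[:13])
```

The pass touches only clusters that are both free and non-zero, which is why it finishes quickly on a mostly empty volume.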

