On Thursday 17 December 2009 12:47:23 Albert Hopkins wrote:
> On Thu, 2009-12-17 at 11:42 +0000, Mick wrote:
> > shred ... shreds files. Therefore you may need to point it to the
> > files in question for it to work.
>
> No. This is horribly wrong. Please don't tell people this.

It's not entirely wrong. Shred will wipe a file that you ask it to, or a device that you point it to.

> The problem with just shredding files is thus:
>
>       * I have a file with very sensitive data, it occupies blocks x-y
>         on my hard drive.
>       * I later delete that file, in the os it just gets unlinked().
>         If there are no more links to that file then it's considered
>         deleted, however the data is still there.
>       * Out of sheer "luck" blocks x-y are never reallocated. The data
>         remains on that block.
>       * I go to shred every file on the filesystem. Blocks x-y never get
>         shredded because they are not linked to a file.
>       * I give my laptop to someone. They run a tool as simple as
>         foremost(1) on the drive. Bingo! Sensitive data found.

Of course! Sorry for giving at least partially incorrect advice. :-(

> Your comment about shredding devices... how long have you been using
> *nix man?

Long enough to have forgotten most I've learned about it. ha, ha!

    shred -v -n 25 -z /dev/sda

will do the desired overwriting 25 times. dd will do the same, reruns will have to be done manually or via a script.

DBAN seems to be the best tool available to do this job and it will from now be part of my arsenal of useful tools.

Some useful info here:

http://www.digitalissues.co.uk/html/os/misc/shred.html
-- 
Regards,
Mick
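The point made in the thread, that data outside any linked file survives until the whole target is overwritten, can be checked by reading the raw target back after the wipe. The script below is an added example, not part of the original message: it runs shred with a final zero pass (-z, as in the command above) against a constructed 1 MiB image file standing in for the disk, then verifies every byte is zero. The function names, the marker string and the image are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: whole-target wipe plus read-back verification.
# All names below (functions, MARKER, the temp image) are hypothetical.

MARKER='SENSITIVE-RECORD-0001'   # constructed sample data

# Build a constructed 1 MiB "disk" of random bytes with the marker planted
# at a raw offset, standing in for blocks left behind by an unlinked file.
make_demo_image() {
    dd if=/dev/urandom of="$1" bs=4096 count=256 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=524288 conv=notrunc 2>/dev/null
}

# Succeeds if the byte pattern $2 is readable anywhere in raw target $1,
# regardless of what any filesystem on it considers allocated.
marker_present() {
    grep -a -q -F -- "$2" "$1"
}

# Succeeds only if every byte of $1 is 0x00: strip NULs, see if anything is left.
all_zero() {
    [ "$(tr -d '\000' < "$1" | head -c 1 | wc -c)" -eq 0 ]
}

# Overwrite target $1 with $2 random passes plus a final zero pass (-z),
# flush, then confirm the zero pass by reading the whole target back.
wipe_and_verify() {
    shred -n "$2" -z "$1" || return 1
    sync
    all_zero "$1"
}

# Demo on the constructed image; 3 passes instead of the thread's 25 to keep it quick.
img=$(mktemp)
make_demo_image "$img"
marker_present "$img" "$MARKER" && echo "before wipe: marker readable from raw image"
if wipe_and_verify "$img" 3; then
    echo "after wipe: read-back is all zeros"
else
    echo "after wipe: verification FAILED"
fi
marker_present "$img" "$MARKER" || echo "after wipe: marker no longer present"
rm -f "$img"
```

On a real disk the target would be the device node, as in the thread's shred command, and the read-back takes roughly as long as one overwrite pass.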