Join us on IRC: #infoanarchy on irc.oftc.net — channel blog

Talk:File wipe software

From iA wiki

This is the first i've ever heard of UNIX filesystems being inherently more secure than FAT or HTFS. As far as i know, when you delete something in UFS/FFS it just removes the inode, but the data is still physically on the disk. Actually i thought this was a filesystem independent issue, because it's about magnetic "residue" left on the hard disk, not the arrangement of the data on the hard disk. If i'm wrong perhaps it should be mentioned that UNIX isn't just magically secure, it's been a recent effort implemented in newer kernels (??) -- Amw

I can't speak for the older UNIX systems but I'm in the process of confirming what I heard a UNIX guru friend of mine report.
But there's a reason why I think I'm right: UNIX systems don't need defragmentation. Why? Because they are fundamentally different from FAT, FAT32, NTFS, etc.
I don't know what HTFS is - was that a mistype? Webfork
Could be :) I meant the original MacOS system. Pretty sure it's HTFS... -- Amw
Nope, that's HPS. HTFS is SCO's UnixWare FS.
Quote from Linux kernel menuconfig:
lqqqqqqqqqq Apple Macintosh file system support (EXPERIMENTAL) qqqqqqqqqqqk
x CONFIG_HFS_FS:

x

x

x

x If you say Y here, you will be able to mount Macintosh-formatted

x

x floppy disks and hard drive partitions with full read-write access.

x

x Please read fs/hfs/HFS.txt to learn about the available mount

x

x options.

x

x

x

x This file system support is also available as a module ( = code

x

x which can be inserted in and removed from the running kernel

x

x whenever you want). The module is called hfs.o. If you want to

x

x compile it as a module, say M here and read

x

x Documentation/modules.txt.

-- dpi

From a UNIX guru:

To my knowledge (slight disclaimer), none of the *nix file systems currently in use require "defrag"ing. This is a result of how the file system works, and what the kernel does when the system is both active and not-busy ethier (the not-busy thing is implementation dependent).
However, UNIX fs's CAN have deleted files recovered, and so a file-wiper is a good idea for the disk-drive-paranoid. For example, the command "rm" simply "unlink"s a file. This means that it removes the reference to the file that exists in the parent directory's listing -- rendering the file inaccessible for most practical purposes. Recovering files CAN be done, but it requires a level of expertise AND luck (it's a shot in the dark) that most do not have.

I'll sit on that and try to rewrite the entry in the next few days. Webfork

This page, well, the File_Wipe page, is wrong as far as I know. It is my understanding that no matter how many times you overwrite the data, with enough money and time anything is readable. The only secure method is to destroy the hard drive magnetic platter (not just the drive, because they can rip it out and read it even if the drive itself is dead.) Ahh... here is the paper I was thinking of. It is a very good paper too. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

The best bet is to not have sensitive data ever hit the hard drive. Here is what I would do if I was paraoid and had the money: On your hd, have a large steganographic file system(there is a great one I am thinking of that I am too lazy to find a link to - maybe later). Then when you want to use the data, decode it to a large RAM disk. In fact, NEVER touch the primary hdd except with encrypted steganographic data. Sync the RAM data to the hdd occasionaly, and for safety, have an uninteruptable power supply. The outcome? When the feds come looking to take your computer for your misdeeds, they will switch your computer off straight away, as a precaution against a trip-wire system that deletes your data. Heh! That is the beauty of it. THEY deleted the data, not you... When they ask about the contents of the steganaographic file system, say you are paranoid about someone finding your porn collection, so you encrypt and steganographically hide it. And it is mathematically proven that they can't prove other data exists in your steg file system. Here is the steg file system I was thinking of: http://www.mcdonald.org.uk/StegFS/

Assuming you're correct and magnetic data is forever, you also assume that some massive agency such as the US government is the attacker. They have massive resources and probably could, given a lot of money and effort, recover a file that has been wiped. However, again: that takes money and resources and it is unlikely that those will be spent on any one individual unless they are a clear and obvious threat (See Security Through Obscurity).
The vast majority of computer issues are not with the federal government - they are with laptop theft (very common) and corporate espionage (increasingly common) in which case a cryptographic file system, see: Hard Drive Encryption is very, very wise. Even with the wacky KGB-style PATRIOT ACT there are only so many computers they can seize and look at.
As for a steganographic file system, this is just one more layer of security and, for the moment, out of the reach of most users. Then again, five years ago, good encryption was out of the reach of most users and now we have AES and Twofish. I'd love to see more work along the lines of ScramDisk.
This formula should be in Attack... I'll go do that.
As a side note, your link to StegFS is restricted to 2.2 kernel, which I'm sure very, very few people are still using. Webfork

A few years ago I read a web page from a gorl that actually tested a bunch of file wiping utility, debunking a few as snake oil... I can't find it back, anyone still have it in his bookmarks? JoSwujDa 00:07, 4 Apr 2005 (GMT)

WARNING: THE ABOVE METHOD WILL ABSOLUTLY NOT OVERWRITE THE INFORMATION ENOUGH TO PREVENT ANYTHING OTHER THAN SOME SIMPLE UN-DELETE TOOLS FROM GAINING ACCESS TO YOUR DATA. EVEN IF YOU DID OVERWRITE 100% OF YOU DRIVE (uuuunlikely) Law Enforcement OFFICIALS HAVE EXPENSIVE Data Recovery MACHINES THAT EXAMINE THE MAGNETIC DISK SURFACE WHICH ALLOWS THEM TO GET SEE WHAT STATE EACH BIT WAS IN BEFORE IT WAS OVERWRITTEN.(it's a magnet, it's not like flipping on a switch. when the HD writes to it, it doesn't move all the way) MOST DATA MUST BE OVERWRITTEN AT LEAST 5 TIMES TO MAKE IT VERY VERY DIFFICULT (BUT STILL NOT IMPOSSIBLE) FOR SUCH A MACHINE TO RECOVER. HIGH GRADE SHRED TOOLS DON'T OVERWRITE UP TO 25X FOR FUN!

I moved this to the Talk:File wipe page due to my dislike of ALL CAPS entries. But I did some research and the user is right. If I missed a point, please tell me. Thanks for the changes. Webfork
Retrieved from "http://www.infoanarchy.org/en/Talk:File_wipe_software"