Delete files on Linux securely

I want to make one thing clear. You need the multiple-overwrite strategy ONLY when you’re dealing with a file, or a bunch of files, whose total size doesn’t equal the capacity of the storage device. The multiple-overwrite strategy is a legacy approach that made much sense back in the day, and to some extent still does today, but it has largely taken on the proportions of an urban legend.

It’s true, though, that if you want to completely destroy a single file, you should use this multiple-overwrite strategy to stay on the safe side. There are a couple of reasons for this. One is that, theoretically, the underlying storage device’s logical block addressing (LBA) could remap sectors containing data (think bad blocks recovered by the hard drive’s semi-intelligent firmware, known as the error correction mechanism) to some other place, and thus remains of the files, or sometimes even copies, could be found on the drive despite the fact that the file(s) were deleted.

Keep in mind that in most cases recovering these remnants is not a trivial task, so if your adversary is your girlfriend or a geek friend with a mild degree in Geekiness, you may consider yourself reasonably safe when deleting files with rm. If you’re up against the cyber police or underground hackers, perhaps it won’t hurt to use the method described further down in this post.

Also, please note that on SSD drives the multiple-overwrite strategy should really be embraced due to the technical design of this type of storage device (read more about it in the Stack Overflow thread).

The bottom line is, if you need to destroy all data on a drive, you don’t have to overwrite it multiple times; once is enough, but ONLY IF you’re sure you’re overwriting every single sector on the drive (think dd if=/dev/random of=/dev/sda). More passes won’t hurt, but you really shouldn’t.

Here’s a nice starting point if you’re interested in deeper details of the discussion:
http://stackoverflow.com/questions/59656/why-overwrite-a-file-more-than-once-to-securely-delete-all-traces-of-a-file

Here’s the deal: in most cases, on most popular distributions and most standard Linux setups, removing a file via a GUI file manager or in your terminal window, including with the rm command, isn’t secure at all. A file removed in such a fashion can be recovered relatively easily.

If you’re donating your old computer to a younger sister and don’t want to blush when she recovers your Inkscape drawings of Pokemon characters and posts them on Facebook, you need to know how to delete those files for good. Securely, so that not even Interpol can recover them with expensive hardware.

If you doubt how serious this is, google “securely delete file linux” and look at the numerous warnings written by many people all across the web: rm is not enough!

Even more, the filesystem type and its options may prevent you from successfully deleting a file for good even with shred. So, how do we do it?

shred is the command line utility that does the job. It has a few interesting command line options that are often omitted on the various pages about it on the Internet.
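The filesystem caveat mentioned above can be checked before relying on shred. The script below is an added example, not part of the original post: the function names classify_fs and check_path are made up for illustration, and the categories follow the caveats listed in the GNU shred manual (ext4 is treated like ext3 on the assumption that it shares the same journaling modes).

```shell
#!/bin/sh
# Added example: pre-flight check of the filesystem layer before using shred.
# It does NOT detect sector remapping done by the drive itself.

# classify_fs FSTYPE MOUNT_OPTIONS -> prints "ok", "unreliable" or "unknown"
classify_fs() {
    case "$1" in
        btrfs|zfs|nilfs2|f2fs)
            # copy-on-write / log-structured: rewrites land in new blocks
            echo "unreliable" ;;
        jfs|reiserfs|xfs)
            # named in the shred manual's caveat list; treated conservatively
            echo "unreliable" ;;
        nfs|nfs4|cifs)
            # network filesystems: caching and server-side storage are opaque
            echo "unreliable" ;;
        ext3|ext4)
            # only data=journal journals file contents as well as metadata
            case ",$2," in
                *,data=journal,*) echo "unreliable" ;;
                *) echo "ok" ;;
            esac ;;
        ext2|vfat|exfat)
            echo "ok" ;;
        *)
            echo "unknown" ;;
    esac
}

# check_path FILE -> looks up the mount holding FILE (findmnt, util-linux)
check_path() {
    cp_type=$(findmnt -n -o FSTYPE -T "$1") || return 2
    cp_opts=$(findmnt -n -o OPTIONS -T "$1") || return 2
    cp_verdict=$(classify_fs "$cp_type" "$cp_opts")
    echo "$1: $cp_type ($cp_opts) -> in-place overwrite $cp_verdict"
    [ "$cp_verdict" = "ok" ]
}

# Usage: sh this_script.sh /path/to/file
if [ "$#" -gt 0 ]; then
    check_path "$1"
fi
```

A verdict of "unreliable" or "unknown" means a per-file overwrite may leave older copies of the data on disk, which is the case where wiping the whole device is the safer route.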
