Sent my original reply by accident only to the OP. Here is a copy for the list:

I comment on this in the cryptsetup FAQ in items 5.4, 5.5 and 5.19.

For the case of a non-LUKS container, the current state-of-the-art is that for HDDs a single pass of zeros is enough and for any type of non-volatile memory (SSD, USB-key, etc.) it is unclear. In all cases encryption helps. Defect management may complicate things for HDDs and SSDs, but for HDDs you can at least query the reallocated count in the SMART status to see whether that happened.

As to swap, you can either disable it or use encrypted swap, possibly with a one-time boot-up key, and, if you like, frequent key-changes.

You can only secure-delete a single file if you understand what your filesystem does. The thing you have heard is complete nonsense though. One way with some filesystems is to overwrite the original file. The Linux tool "wipe" does that. It is insecure with ext3 (data may be in the log), btrfs (later writes may not go to the same sectors) and others. You can delete the file and overwrite all empty space, but that may leave some leftovers.

As to papers, for HDDs, look at the original Gutmann paper and its addendum:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

For SSDs, look at
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
and possibly its references.

Arno

On Sun, Dec 09, 2012 at 06:20:14AM -0500, jugree@xxxxxxxxxxx wrote:
> Hello.
>
> How to securely delete data from a hard drive? Is it possible without
> physical destruction?
>
> How to work with sensitive data if you're using swap? Is it enough to
> run `swapoff', decrypt some data, encrypt it again, and run `swapon'?
>
> Is it possible to securely delete a single file? I've heard that you
> should create another file with the same name, write some data to it,
> and delete it.
>
> This is a popular topic, but it's really hard to find any proofs.
>
> Can you suggest any books or papers on the subject?
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
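The SMART check mentioned in the reply above, as an added example that is not part of the original message: a shell sketch that reads the reallocated-sector count from `smartctl -A` output to tell whether an overwrite pass may have missed remapped sectors. The function names and the sample table are constructed for illustration, and the extra look at attribute 197 (pending sectors) goes slightly beyond what the reply mentions.

```shell
#!/bin/sh
# Added example: decide from SMART data whether an HDD has remapped sectors
# that a single overwrite pass would not have reached.

# Constructed sample of a `smartctl -A` attribute table (not from a real drive).
SAMPLE_SMART='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   198   198   140    Pre-fail  Always       -       16
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21503
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       2'

# Print the raw value (10th column) of the SMART attribute with the given ID,
# reading the attribute table from stdin. Returns 1 if it is not reported.
smart_raw() {
    awk -v id="$1" '$1 == id && NF >= 10 { print $10; found = 1 }
                    END { exit !found }'
}

# Read a `smartctl -A` table on stdin and report whether sectors were remapped.
# Exit status: 0 = none remapped, 1 = remapped sectors exist, 2 = no data.
wipe_coverage() {
    table=$(cat)
    realloc=$(printf '%s\n' "$table" | smart_raw 5) || { echo "unknown"; return 2; }
    # Attribute 197 is optional on some drives; treat a missing value as zero.
    pending=$(printf '%s\n' "$table" | smart_raw 197) || pending=0
    if [ "$realloc" -gt 0 ] || [ "$pending" -gt 0 ]; then
        # Remapped sectors are no longer addressable, so an overwrite of the
        # block device did not touch whatever they held.
        echo "remapped: realloc=$realloc pending=$pending"
        return 1
    fi
    echo "clean"
}

# Real use (needs root and smartmontools; /dev/sdX is a placeholder):
#   smartctl -A /dev/sdX | wipe_coverage
```

A non-zero count does not say what the remapped sectors contained, only that zeroing the device cannot have reached them.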