On Fri, 8 Nov 2002 17:25:04 +0000
"Stephen C. Tweedie" <sct@redhat.com> wrote:
<snip>
> > Can anyone please tell me if I am right in assuming that ext3
> > does not care about file slack?
>
> What do you mean, exactly?
Always a good question :)
I had in mind the situation in which files have been deleted but
their contents have not been overwritten - I do appreciate that
Big Powerful Agencies can see past that, but I don't believe I am
on their List of Suspects.
My concern is that I have accumulated a good
deal of my clients' data (some of it in the form of emails to and
from me), on this machine, whose location is not exactly Fort
Knox. I can use a secure deletion utility (like fwipe) on future
files I create but, (a) there is a legacy of old deleted files,
(b) I am not sure how I could use something like that on, eg, an
individual email deleted by my MUA (which happens to be
sylpheed). What I have in my (possibly naive and uninformed),
mind is a "sledgehammer" to run from time to time which will
simply overwrite all space on a given partition that is not
presently marked as containing live files. I hoped that sfill
would do that for me.
Since writing my last post I have compiled secure_delete, - it is
in fact about 2 years old now and took a good deal of googling to
find. I am going to put the sfill manpage below. sfill.c is
actually quite short (about 10k), but don't won't clutter the
list with it unless someone asks me to.
Regards,
Geoff
---------
NAME
sfill - secure free diskspace wiper (secure_deletion
toolkit)
SYNOPSIS
sfill [-f] [-l] [-l] [-v] directory/mountpoint
DESCRIPTION
sfill is designed to delete data which lies on available
diskspace on mediums in a secure manner which can not be
recovered by thiefs, law enforcement or other threats.
The wipe algorythm is based on the paper "Secure Deletion
of Data from Magnetic and Solid-State Memory" presented at
the 6th Usenix Security Symposium by Peter Gutmann, one of
the leading civilian cryptographers.
The secure data deletion process of sfill goes like this:
* 1 pass with 0xff
* 5 random passes. /dev/urandom is used for a secure
RNG if available.
* 27 passes with special values defined by Peter Gut-
mann.
* 5 random passes. /dev/urandom is used for a secure
RNG if available.
COMMANDLINE OPTIONS
-f fast (and insecure mode): no /dev/urandom, no syn-
chronize mode.
-l lessens the security. Only two passes are written:
one mode with 0xff and a final mode with random
values.
-l -l for a second time lessons the security even
more: only one random pass is written.
-v verbose mode
directory/mountpoint this is the location of the file cre-
ated in your filesystem. It should lie on the partition
you want to write.
LIMITATIONS
NFS Beware of NFS. You can't ensure you really com-
pletely wiped your data from the remote disks.
Raid Raid Systems use stripped disks and have got large
caches. It's hard to wipe them.
swap Some of your data might have a copy in your
swapspace. sswap is available for this task.
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
_______________________________________________
Ext3-users@redhat.com
https://listman.redhat.com/mailman/listinfo/ext3-users
