9 replies to this topic

[DarkLordofthePenguins]

Most people don't know this, but when you delete a file, you're not actually erasing it. All you're doing is removing a link to it (in Unix) or marking it as deleted (Windows). The information still remains on your hard drive, and someone who wants to steal your data can easily scan the hard drive to recover it. If you're smart, you will use secure erasure for data that you really want to get rid of completely. The program I have written overwrites all the bytes in a file with 0s, then renames the file, truncates it, and deletes the link.

Here is the original version I wrote, optimized for Unix/Linux:

// Secure erase program

// For regular files


#include <stdio.h>

#include <unistd.h>

#include <fcntl.h>


int main( int argc, char **argv ){

	int fd = open( argv[1], O_RDWR );

	// Get file length:

	off_t len = lseek( fd, 0, SEEK_END );

	lseek( fd, 0, SEEK_SET );

	// Write zeros to the file until

	// reaching the end:

	for( int i = 0; i < len; i++ ){

		write( fd, "\0", 1 );

	}

	close( fd );

	// Truncate to 0 bytes:

	fd = open( argv[1], O_WRONLY | O_TRUNC );

	close( fd );

	// Rename and delete:

 	rename( argv[1], tmpnam( NULL ) );

	unlink( argv[1] );

	return 0;

}

Here's a modified version using only the C Standard Library. It's not as efficient, but it's portable to Windows:

// Secure erase program

// For regular files


#include <stdio.h>


int main( int argc, char **argv ){

	FILE *fp = fopen( argv[1], "r+" );

	// Get file length:

	fseek( fp, 0, SEEK_END );

	long len = ftell( fp );

	fseek( fp, 0, SEEK_SET );

	// Write zeros to the file until

	// reaching the end:

	for( int i = 0; i < len; i++ ){

		fputc( '\0', fp );

	}

	fclose( fp );

	// Truncate to 0 bytes:

	fp = fopen( argv[1], "w" );

	fclose( fp );

	// Rename and delete:

	rename( argv[1], tmpnam( NULL ) );

	remove( argv[1] );

	return 0;

}

The program could use some improvement obviously, seeing as I haven't added any error checking and it only works on regular files (as opposed to directories, symbolic links, etc.).

[Alexander]

An advantage over other "write it already!" methods is that fsync on the file descriptor will not return until it has been done or an error has occurred. It could be beneficial to put that in the end of your program in case power is cut out, or another user logs on and scans the free space before it is possibly synchronized long later when scheduled.)

[RhetoricalRuvim]

What about the Shift + Delete keyboard shortcut?

[Alexander]

RhetoricalRuvim said:

What about the Shift + Delete keyboard shortcut?

That will prevent people from looking at your deleted taxes in the recycle bin, it won't wipe it with 0's.

[RhetoricalRuvim]

The Delete shortcut moves things to the recycle bin; the Shift + Delete shortcut permanently deletes the file(/s), but I don't know how 'permanent' the deletion is.

[Alexander]

RhetoricalRuvim said:

The Delete shortcut moves things to the recycle bin; the Shift + Delete shortcut permanently deletes the file(/s), but I don't know how 'permanent' the deletion is.

It's the equivalent of hitting "recycle" on all of your "recycled" files. It may even sill be within the hidden directory C:\Recycler (I believe that is the name) and not actually gone completely from directories. It will likely have a random name however as it has no metadata any longer.

[LuthfiHakim]

RhetoricalRuvim said:

..the Shift + Delete shortcut permanently deletes the file(/s), but I don't know how 'permanent' the deletion is.

From the file system perspective, this "Delete" only remove the file from the "table of content" which also means removing the used mark that previously placed on the actual area. The real content is still there.

Actually if you only overwrite the area once or twice with zeros, there are still ways to recover the content, albeit sophisticated equipment requirement.

[RhetoricalRuvim]

LuthfiHakim said:

Actually if you only overwrite the area once or twice with zeros, there are still ways to recover the content, albeit sophisticated equipment requirement.

Then we'll get even more sophisticated equipment to delete the data even better :c-grin::D .

[LuthfiHakim]

RhetoricalRuvim said:

Then we'll get even more sophisticated equipment to delete the data even better :c-grin::D .

Lol! Actually we don't really need this kind of "sophisticated delete equipment". Just do the zero overwrites enough times, which hopefully resulting in magnetic force too low to distinguish from actual zero magnetic force. Maybe 10 passes?

[Alexander]

LuthfiHakim said:

Maybe 10 passes?

May only be beneficial to my 300MB WD Caviar drive on my shelf, high density disks have little viable distortion after a wipe. A sensible standard is to write random data, invert it, then make a final pass of patterned bits to clear any possible distortions.

If I remember correctly, SSDs ("flash" based, getting somewhat common now) are much worse and require advanced techniques (relating to hardware or firmware) to securely wipe files. Encrypted flash drives can have encryption keys destroyed, although I believe that is destructive.