Secure erase – software for GNU/Linux

This article has been originally published in Italian (here). Feedbacks on content and translation are appreciated. Contributions are welcome. The original article must be considered the reference in case of updates.

In my previous post I have described what is secure erase and when it might be reasonable to use it, mentioning some of the most common standard procedures to “clean up” disks. It’s now time to show some programs available for the purpose in a GNU/Linux environment. Software listed below have been tested in Kubuntu Lucid Lynx (10.04).

  • Wipe

A simple command line program, following well established GNU/Linux tradition, wipe is available in Ubuntu repositories (sudo apt-get install wipe).

Wipe manual page explicitly arises an important security question (that is: “making things as hard as possible to bad guys trying to recover your data”): defective blocks reallocation. In brief, hard disks silently copy data from defective blocks to “spare” ones (remapping), in order to avoid data loss. The blocks marked as defective (“bad blocks”) are no longer accessible although they still hold original data, that could be therefore recovered (with great effort, anyway!).

Right after providing us such a noteworthy information, the software author goes quite paranoid. Together with his imaginary friend, he conjectures that modern hard disks might secretly store files containing sensitive data. These files can then be recovered through secret IDE/SCSI commands, created by manufacturers in agreement with government agencies. Even hackers, backed by powerful criminal organizations, might get to find out these commands. We’d better therefore not to trust our hard disk and encrypt data. In addition, such secret checks, performed also by some shady CPU operations, provide clues for criminal investigations and “control of  public dissent”. Check the man wipe page for the full story. By the way, I noticed my toaster looks suspicious, I think it’s spying on me…

Back to wipe, it allows for file, folders and whole disks deletion. Further recommendations on usage suggest that erasing a partition (or a whole disk, including MBR) rather than a single file is safer from security standpoint. Journalled file systems can make the operation ineffective (more details in next section about “shred” software).

The default “quick wipe” performs 4 random data writing operations: the number can be specified through option “-Q <n>”.
Wipe is full of options to customize the random data generation method. We can choose both the device providing input data (option -R, default: /dev/random) and the PRNG (Pseudo Random Number Generator) algorithm with “-M” switch.

Choosing the proper algorithm is actually the key for an effective erasure. The data stream used to overwrite the disk content must not be repeatable and, therefore, predictable. It must be impossible (or, at least, very very difficult) reconstruct the “random” sequence and then trace back previous data.

The selected algorithm uses a “seed” (also called “salt“) of suitable length (for example 128 bit: the longer, the safer) to generate the data stream. A seed is a bit sequence resulting in turn from an “hashing” function like the well known “MD5“, the string we often see to verify the integrity of a downloaded file. And now, slowly and gently, I am going to clarify all these weird words…

Although theory behind these terms are quite hard to handle and understand, the basic idea is simple: hashing functions perform a number of transformations on the input sequence (“hash” is a word describing a mix of chopped meat and vegetables) finally getting a single string of fixed length (called “digest”, 48 – 128 bit long in current implementations). The key property of hashing functions is that they never generate the same output string starting from different input strings and, mainly, they cannot be inverted. That is, the input string cannot be reconstructed starting from the resulting digest. Exactly what we need!

[Sequence A] ---> [Hashing function] ---> [Digest 1]
[Sequence B] ---> [Hashing function] ---> [Digest 2]
[Digest] -X-> [Inverted hashing function] -X-> [Original sequence]

Digest can now be used as input value (“seed”, appropriately) for the PRNG et voilà!, we get our data stream ready to be written on disk and overwrite proofs of our darkest secrets. Next section, covering DBAN, contains additional details on PRNG (let’s take one little step at a time to avoid brain overload…) ;-).

Wipe handles all the described black magic by options

  • “-R”: source of data for seed generation (/dev/random or command output)
  •  “-S <x>”: seed generation method
  • “-M <y>”: (PRNG algorithm)

Since I am quite fond of schemes, here it is a representation of the process going on before your evil data smasher eyes:

┌──────────────────(-R)─────────────────┐                  ┌────(-S <x>)───┐    
[Data from /dev/random or command output] -> [Hash MD5] -> [Seed generation] ->
   ┌───(-M <y>)───┐
-> [PRNG algorithm] -> [Death, Chaos and Destruction!]

Finally, here comes the output of wipe, used to clean in a few seconds (options: quick wipe, recurse subdirs, seed from /dev/random, verbose output) approximately 60 MB of troublesome data (files and their folder structure) created for the purpose:

ubuntu@ubuntu:~/Documents/Level1/Level2/Level3$ ls -l
total 61680
-rw-r--r-- 1 ubuntu ubuntu 21168128 2011-08-31 16:55 compromisingfile
-rw-r--r-- 1 ubuntu ubuntu 21430272 2011-08-31 16:55 scabrousfile
-rw-r--r-- 1 ubuntu ubuntu 20480000 2011-08-31 16:54 secretfile
ubuntu@ubuntu:~/Documents/Level1/Level2/Level3$ cd ~/Documents
ubuntu@ubuntu:~/Documents$ wipe -q -r -S r -i Level1/
Okay to WIPE 1 directory ? (Yes/No) yes
Entering directory 'Level1/'
Entering directory 'Level2'
Entering directory 'Level3'
File compromisingfile (21168128 bytes) wiped
File scabrousfile (21430272 bytes) wiped
File secretfile (20480000 bytes) wiped
Going back to directory /home/ubuntu/Documents/Level1/Level2
Going back to directory /home/ubuntu/Documents/Level1
Going back to directory /home/ubuntu/Documents
Operation finished.
3 files wiped and 0 special files ignored in 3 directories, 0 symlinks removed but not followed, 0 errors occured.

Everything was done in a Ubuntu live session started off a USB key: booted the PC, one shot of apt-get, a pinch of terminal et voilà #2. Freshly served with cocktail umbrella and a slice of lemon. Just sayin’…

And people keep asking me why I use Gnu/Linux: because it gets things done when you need it, as you need it, no “But…”, “EULA doesn’t include…”, “It’s magically magic!”, “You have to donate a kidney to do it”, etc… Finally, because I love to tinker with computers! Ok, enough for “fanboyism”, let’s move on…

[Shred →]



Ora tocca a te / Your turn now

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:


Stai commentando usando il tuo account Chiudi sessione /  Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )


Connessione a %s...

This site uses Akismet to reduce spam. Learn how your comment data is processed.