From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] (OT) Secure data wipe
Date: Sun, 9 Dec 2012 17:18:15 +0100
Message-ID: <20121209161815.GA17603@tansi.org>
In-Reply-To: <20232.77.109.139.26.1355052014.squirrel@lavabit.com>

Sent my original reply by accident only to the OP. Here is
a copy for the list:

I comment on this in the cryptsetup FAQ in items 5.4, 5.5 and 5.19.
For the case of a non-LUKS container, the current state-of-the-art
is that for HDDs a single pass of zeros is enough and for any type
of non-volatile memory (SSD, USB-key, etc.) it is unclear. In all
cases encryption helps. Defect management may complicate things for
HDDs and SSDs, but for HDDs you can at least query the reallocated
count in the SMART status to see whether that happened.

As to swap, you can either disable it or use encrypted swap,
possibly with a one-time boot-up key, and, if you like,
frequent key-changes.

You can only secure-delete a single file if you understand what
your filesystem does. The thing you have heard is complete
nonsense though. One way with some filesystems is to overwrite
the original file. The Linux tool "wipe" does that. It is
insecure with ext3 (data may be in the log), btrfs (later writes
may not go to the same sectors) and others. You can delete the
file and overwrite all empty space, but that may leave some
leftovers.

As to papers, for HDDs, look at the original Gutmann paper and its
addendum:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

For SSDs, look at
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf
and possibly its references.

Arno

On Sun, Dec 09, 2012 at 06:20:14AM -0500, jugree@lavabit.com wrote:
> Hello.
> 
> How to securely delete data from a hard drive? Is it possible without
> physical destruction?
> 
> How to work with sensitive data if you're using swap? Is it enough to
> run `swapoff', decrypt some data, encrypt it again, and run `swapon'?
> 
> Is it possible to securely delete a single file? I've heard that you
> should create another file with the same name, write some data to it,
> and delete it.
> 
> This is a popular topic, but it's really hard to find any proofs.
> 
> Can you suggest any books or papers on the subject?

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
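
Added example, not part of the message above or of cryptsetup: a shell check for the SMART reallocated count the reply mentions. Reallocated sectors have been remapped by the drive's defect management, so a zero pass over the visible device does not reach them. The function names, the sample table and /dev/sdX are assumptions made for illustration.

```shell
#!/bin/sh
# Reads `smartctl -A` attribute-table text on stdin and reports whether the
# drive has remapped sectors that an overwrite of the device cannot reach.

# Print the raw value of SMART attribute 5 (Reallocated_Sector_Ct);
# exit status 2 if the attribute is not present in the input.
reallocated_count() {
    awk '$1 == 5 && $2 == "Reallocated_Sector_Ct" { print $10; found = 1 }
         END { exit(found ? 0 : 2) }'
}

# Classify the drive: "clean", "remapped:<n>" or "unknown".
wipe_coverage() {
    n=$(reallocated_count) || { echo unknown; return 0; }
    case "$n" in
        ''|*[!0-9]*) echo unknown ;;        # raw value missing or not a number
        0)           echo clean ;;          # no sectors remapped so far
        *)           echo "remapped:$n" ;;  # n sectors may still hold old data
    esac
}

# Constructed sample in smartctl's attribute-table layout (not from a real drive).
SAMPLE_REMAPPED='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   198   198   140    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21504'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_REMAPPED" | wipe_coverage   # prints remapped:12

# Real use (needs root and smartmontools; /dev/sdX is a placeholder):
#   smartctl -A /dev/sdX | wipe_coverage
```

Run it before and after the overwrite: a count that rises during the wipe means sectors were remapped while it was in progress.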
