Trash, Delete, Shred

Keunwoo Lee klee at cs.washington.edu
Wed Jul 2 19:49:45 BST 2003


On Sat, 28 Jun 2003, Michael S. Mikowski wrote:

> On Saturday 28 June 2003 17:58, Dawit A. wrote:
> 
> <snip>
> > Not everybody does this and the idea of shredding in the real world is
> > completely different than that of the digital one. See the current debate
> > about the existing "Shred" feature in konqueror.  Shredding can be done with
> > some degree of reliability in the real world whereas such action cannot be
> > guaranteed for magnetic storage medium.  The only reliable way to
> > completely destroy information from a hard drive is to dismantle it and
> > burn the platters IIRC.
> </snip>
> 
> Yes, that's true from what I understand.  But security is always a
> matter of degrees.  Physical shredding isn't foolproof either -- I
> remember old pictures of shredded documents the KGB painstakingly
> reconstructed from CIA trash.  The point, however, is to make it more
> expensive to recover the data.  Does electronic shredding do this?

It depends on the filesystem, and many other variables.  See man shred(1).  
This is a paper people often cite:

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Google also turns up this recent response, which mostly confirms the
paper's findings:

http://www.doxpara.com/read.php/security/secure_deletion.html

With the introduction of ext3 and other journaling filesystems, I believe
that filesystems like ext2 (where shred had at least a fighting chance of
working properly) are going to see less and less use.  The result
eventually will be that most users are working on filesystems that don't
support shredding, but the menu option will be there anyway.  Of course,
one could put off removing the menu option until that day arrives.

OTOH you are correct that security is a matter of degrees.  It's widely
known the government can factor 1024-bit RSA keys in seconds or minutes
(Google "Lucky Green 1024 bit RSA").  This doesn't stop us from using
1024-bit RSA keys, because they are sufficient to stop a casual, or even
motivated but not well-financed, attacker.

Recovery of data from magnetic media through physical means is not
something your average hacker can cook up in a basement---it requires
access to special equipment and techniques that are not publicly
available.  OnTrack, for example, charges at least many hundreds of
dollars to recover a hard disk.  On the "right" configurations, shred does
increase the cost of recovery by several orders of magnitude (running a
software utility vs. obtaining the physical disk and sending it to a
recovery service), making it an effective security measure.

However, the user will usually *not* know whether (s)he has the "right"
configuration to make shred work.

~k

-- 
GPG public key id: 0x5CFD1761 (available on a key server near you)
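
Added example, not part of the original message: a sketch of the check a file manager could run before offering "Shred", deciding from the mount table whether overwriting a file in place can be expected to reach the old data blocks. The mount table is a constructed sample in /proc/mounts format, the function names are hypothetical, and the classification assumes the caveats listed in shred(1) (including its note that ext3 is affected only in data=journal mode); it says nothing about layers below the filesystem.

```python
import re

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda2 /home ext3 rw,data=journal 0 0
/dev/hda3 /scratch ext2 rw 0 0
/dev/sdb1 /srv/snap btrfs rw,relatime 0 0
fileserver:/export /mnt/My\\040Docs nfs rw,vers=3 0 0
/dev/hda5 /old reiserfs rw 0 0
"""
COPY_ON_WRITE = {"btrfs", "zfs", "nilfs2"}   # new data goes to new blocks
NETWORK = {"nfs", "nfs4", "cifs"}            # client cannot see server-side storage

def parse_mounts(text):
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes spaces etc. in mountpoints as octal (\040)
        mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        entries.append((mp, fields[2], fields[3].split(",")))
    return entries

def mount_for(path, entries):
    """Longest mountpoint that contains path; later entries win on ties."""
    best = None
    for mp, fstype, opts in entries:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype, opts)
    return best

def overwrite_verdict(path, mounts_text=SAMPLE_MOUNTS):
    """Return (verdict, reason); verdict is in-place, not-in-place or unknown."""
    entry = mount_for(path, parse_mounts(mounts_text))
    if entry is None:
        return "unknown", "no mount entry covers this path"
    _, fstype, opts = entry
    if fstype in NETWORK:
        return "not-in-place", fstype + ": server may cache or snapshot the data"
    if fstype in COPY_ON_WRITE:
        return "not-in-place", fstype + ": overwrites are written to new blocks"
    if fstype in {"ext3", "ext4"} and "data=journal" in opts:
        return "not-in-place", "file data is also copied into the journal"
    if fstype in {"ext2", "ext3", "ext4"}:
        return "in-place", fstype + ": data blocks are overwritten in place"
    return "unknown", fstype + ": not classified, do not promise shredding"
```

A caller would pass the contents of the real /proc/mounts as `mounts_text` and offer the menu entry only on an "in-place" verdict, showing the reason otherwise.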












More information about the kfm-devel mailing list