Monday, September 10, 2007 ★ 23:26 ★ Category Linux
Your script to edit a temporarily decrypted file, which is automatically re-encrypted after you’re done editing, uses a primitive method to remove the temporary decrypted data. Using vi’s no-backup mode is a smart thing to do (it disables all backup files and undo caches), but the plaintext file itself is just overwritten once. Try shred instead: `shred -u tmpfile.txt`. Note that this is not 100% safe either: your filesystem might keep the unencrypted data somewhere else, e.g. in the journal, on a network disk, or in a filesystem snapshot.
My personal opinion is that shred is good enough for me on (local) disks. See for yourself.
Update: If you want some (or all) of your applications to securely remove files, you might want to try libsd instead. This shared library is loaded through LD_PRELOAD and replaces some of the standard C functions like open() and truncate() with equivalents that overwrite the data with random bytes. Note that this severely reduces system performance. Thanks to Folkert van Heusden for the pointer.
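The decrypt/edit/re-encrypt/shred cycle described above, written out as an added example (this is not the script the post refers to and not the author's code). It assumes GnuPG with symmetric encryption, a coreutils `shred`, and an editor given by `$EDITOR` that defaults to `vi -n` (no swap file); `warn_fs_type` and `secure_rm` are names chosen here. The fallback overwrite when `shred` is missing is a single pass of random data, which is the minimum the post argues for, and the filesystem check only reports the caveat the post mentions (journal, network disk, snapshot), since no overwrite can address those.

```shell
#!/bin/sh
# Added example: edit an encrypted file via a shredded temporary plaintext copy.
# Assumed tools: gpg (symmetric mode), coreutils shred, an editor in $EDITOR.

# Report filesystem types where in-place overwriting gives no guarantee:
# copy-on-write and network filesystems may keep old copies of the blocks.
warn_fs_type() {
    fstype=$(stat -f -c %T "$1" 2>/dev/null) || return 0
    case "$fstype" in
        btrfs|zfs|overlayfs|nfs|cifs)
            echo "warning: $1 is on $fstype; shred cannot reach snapshots or remote copies" >&2 ;;
    esac
    return 0
}

# Overwrite the file contents and unlink it. Uses shred -u when available,
# otherwise one random-data pass with dd (no truncation, so the same blocks
# are rewritten) followed by rm. Returns 0 only when the file is gone.
secure_rm() {
    [ -f "$1" ] || return 1
    if command -v shred >/dev/null 2>&1; then
        shred -u -z "$1"
    else
        size=$(wc -c < "$1")
        head -c "$size" /dev/urandom | dd of="$1" conv=notrunc 2>/dev/null
        rm -f "$1"
    fi
    [ ! -e "$1" ]
}

# Decrypt $1 to a private temp file (mktemp creates it mode 0600), edit it,
# re-encrypt over the original, and shred the plaintext even if the editor
# or gpg fails (the trap runs on exit and on interruption).
edit_encrypted() {
    enc="$1"
    tmp=$(mktemp "${TMPDIR:-/tmp}/edit.XXXXXX") || return 1
    trap 'secure_rm "$tmp"' EXIT INT TERM
    warn_fs_type "$tmp"
    gpg --quiet --decrypt "$enc" > "$tmp" || return 1
    ${EDITOR:-vi -n} "$tmp"
    gpg --quiet --yes --symmetric --output "$enc" "$tmp" || return 1
}

# Usage: edit_encrypted notes.txt.gpg
```

The trap is installed before the plaintext is written, so a crash or Ctrl-C between decryption and re-encryption still ends with `secure_rm` on the temp file; the `-z` flag adds a final zero pass so the shredded blocks do not stand out as random noise on the disk.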
Wouter Bolsterlee, also known as uws, a postmodern geek living in the Netherlands.
Unless stated otherwise, all material on this site is available under a Creative Commons Share-Alike license.