Shred (Unix)
{{Short description|Unix command to securely delete files and devices}}
{{more footnotes|date=March 2015}}
{{lowercase title|title=shred (Unix)}}
{{Infobox software
| name = shred
| logo =
| screenshot =
| screenshot size =
| caption =
| author =
| developer = Colin Plumb
| released =
| latest release version =
| latest release date =
| operating system = Unix-like
| platform = Cross-platform
| genre = Command
| license =
| website =
}}
{{mono|shred}} is a command on Unix-like operating systems that can be used to securely delete files and devices so that it is extremely difficult to recover them, even with specialized hardware and technology; assuming recovery is possible at all, which is not always the case. It is a part of GNU Core Utilities.{{cite web |title=shred invocation (GNU Coreutils 9.3) |url=https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html |website=www.gnu.org}} Being based on the Gutmann method paper, it suffers from the same criticisms and possible shortcomings.
Background
{{further|Data erasure}}
For efficiency, the process of erasing a file from storage using the {{mono|rm}} command usually only erases the file's file-system entry while keeping the content of the file intact. This frequently allows commonly available software to recover the "erased" file's data. If the file data is stored on magnetic media such as a HDD, even if the file is overwritten, residual magnetic fields may allow data recovery using specialist hardware equipment (this claim is disputed; see {{section link|Gutmann method|Criticism}}). To prevent this, {{mono|shred}} overwrites the contents of a file multiple times, using patterns chosen to maximize destruction of the residual data.
Features
{{mono|shred}} can be invoked either on ordinary files or on devices (such as hard disk partitions), which are represented as files in Unix. By default, the command overwrites the file three times with multiple patterns, but the number is user configurable. It has an option to do an additional final overwrite with zeroes, which may help to hide the fact that it was used.
By default, shred also shreds file slack (unused space in file allocations). For example, a 5 KB file on a file system with 4 KB clusters actually requires 8 KB of storage. Shred has an option to overwrite only the file itself, as well as an option to delete the file after it has completed operation.
Limitations
A limitation of {{mono|shred}} when invoked on ordinary files is that it only overwrites the data in place without overwriting other copies of the file. Copies can manifest themselves in a variety of ways, such as through manual and automatic backups, file system snapshots, copy-on-write filesystems, wear leveling on flash drives, caching such as NFS caching, and journaling. All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks.
Gutmann method, which {{mono|shred}} is based on, is known to fail on USB sticks.{{cite Q | Q115346857
|url=https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf
| journal = FAST'11: Proceedings of the 9th USENIX conference on File and storage technologies
| access-date = 2018-01-08
| ref = {{sfnref|Wei|2011}}
}}
Alternatives
The {{code|scrub}} command overwrite sequence of data being compliant with a Dec. 2005 draft of National Nuclear Security Administration Policy Letter NAP-14.x. Written by Jim Garlick of LLNL, it offers a selection of overwrite sequences, though all ultimately suffer from the same limitations outlined above.{{man|1|scrub|FreeBSD}}
See also
- {{Annotated link|BleachBit}}
References
{{Reflist}}
- [https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html shred invocation], GNU Coreutils. Accessed February 3, 2009.
- [http://freesoftwaremagazine.com/articles/shred_and_secure_delete_tools_wiping_files_partitions_and_disks_gnu_linux/ Shred and secure-delete], Free Software Magazine. November 29, 2008. Accessed February 3, 2009.
- [http://pcsupport.about.com/od/termss/g/secure-erase.htm Secure Erase Definition] {{Webarchive|url=https://web.archive.org/web/20121118232110/http://pcsupport.about.com/od/termss/g/secure-erase.htm |date=2012-11-18 }}, About.com. Accessed April 17, 2012.
- [http://pcsupport.about.com/od/toolsofthetrade/tp/erase-hard-drive.htm How To Completely Erase a Hard Drive] {{Webarchive|url=https://web.archive.org/web/20121118232101/http://pcsupport.about.com/od/toolsofthetrade/tp/erase-hard-drive.htm |date=2012-11-18 }}, About.com. Accessed April 17, 2012.
External links
- {{man|1|shred|die.net}}
{{Core Utilities commands}}
{{Data erasure}}
Category:Unix file system-related software