March 6, 2006

CLI Magic: Securely deleting files with shred

Author: Shashank Sharma

I used to think a simple format of a hard drive was enough to make data recovery impossible, but I was wrong. To ensure that details of your secret love affair, bank account passwords, and daily porn site visits cannot be recovered, use shred.

Deleting a file with the rm command merely adds a file's data blocks back to the system's free list. A file can be restored easily if its "freed" blocks have not been used again. shred repeatedly overwrites a file's space on the hard disk with random data, so even if a data recovery tool finds your file, it will be unreadable. By default, shred does not delete a file, but you can use the -u or --remove switch to delete it.

You can use shred on a file or entire partitions or disks, but you cannot use shred on the partition from which you are running it. In other words, if you have Ubuntu 5.10 installed on /dev/hda1, you cannot boot into it and run the command shred /dev/hda1. Instead, try using Knoppix or another live CD with shred if you wish to work on an entire partition.

By default, shred overwrites a file 25 times with random data. You can increase or decrease the number of passes with the -n switch. For instance, shred -n 5 -v visit_sites.txt would overwrite the file visit_sites.txt five times and show you the progress (-v).

If you don't have the right permissions to write to a file, you can use the -f switch, which changes the file's permissions to allow writing. Another option, the -z switch, writes zeroes over the file after shred overwrites it with random data. This is helpful when you feel that random data in a file might look like encrypted data and arouse suspicion.

When using shred on an entire partition, I suggest you use the -n switch to reduce the number of passes in order to reduce the time the operation takes.

On completion, shred exits with a status of zero to indicate success or a non-zero value to indicate failure, so scripts can check the result.
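As an added example (not from the article), here is a small POSIX shell wrapper that applies the points above: it refuses to touch a mounted device, validates the pass count, runs shred with -f, -n, -v, -z and -u, and hands back shred's own exit status. It assumes GNU coreutils shred and a Linux /proc/mounts; the return codes 2, 3 and 127 are this wrapper's own convention.

```shell
#!/bin/sh
# Added example wrapping GNU shred with the safety checks the article describes.
# Assumes: GNU coreutils shred on PATH, Linux /proc/mounts for the mount check.

# Succeed (0) if the block device, or any partition on it, is currently
# mounted; fail (1) otherwise. shred must never run against a mounted
# partition, such as the one the running system booted from.
device_is_mounted() {
    dev=$1
    [ -r /proc/mounts ] || return 1
    # /proc/mounts lists the mounted device in column 1; "/dev/sda" also
    # matches "/dev/sda1", so a whole disk with mounted partitions is refused.
    awk -v d="$dev" 'index($1, d) == 1 { found = 1 }
                     END { exit found ? 0 : 1 }' /proc/mounts
}

# Overwrite the target with N random passes, add a final zero pass, then
# unlink it. Returns shred's exit status (0 = success), 2 for a bad
# argument, 3 for a mounted device, 127 if shred is not installed.
shred_file() {
    target=$1
    passes=${2:-3}
    case $passes in
        ''|*[!0-9]*) return 2 ;;   # pass count must be a whole number
    esac
    if [ -b "$target" ]; then
        device_is_mounted "$target" && return 3
    elif [ ! -f "$target" ]; then
        return 2                   # only regular files or block devices
    fi
    command -v shred >/dev/null 2>&1 || return 127
    # -f: force write permission, -n: pass count, -v: show progress,
    # -z: final zero pass so the file does not look encrypted,
    # -u: remove the file after overwriting (shred keeps it by default).
    shred -f -n "$passes" -v -z -u "$target"
}

# Usage: ./shred_file.sh <file-or-device> [passes]
if [ $# -gt 0 ]; then
    shred_file "$1" "${2:-3}"
    echo "shred exit status: $?"
fi
```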

While shred might not work on bad sectors, it is one of the best tools available to securely erase data from your hard disk. It is always more secure to run shred on a complete partition rather than a file, because some filesystems keep backup files and shred makes no attempt to delete these. For the extremely paranoid, however, no command works better than concentrated sulphuric acid.

Shashank Sharma is studying for a degree in computer science. He specializes in writing about free and open source software for new users.