Wipe

from Wikipedia, the free encyclopedia

Wipe (from the English verb "to wipe", meaning to clean) is file-erasing software used to securely delete files under Linux and Windows. When Wipe deletes a file, it overwrites the file several times with zeros, special bit patterns and/or random data. This is to ensure that the deleted data can no longer be reconstructed by forensic analysis of magnetic data carriers (such as hard drives or floppy disks).

Deleting a file with Wipe takes longer than normal deletion because, on the one hand, the file is completely overwritten several times and, on the other hand, the random data required is not always available. Contrary to earlier opinion, overwriting data once with zeros is enough to make recovery practically impossible.

Comparison with the standard delete operation

Files are normally deleted by calling the operating system's unlink operation. This call is usually made by the command rm (e.g. under Unix) or del (e.g. under DOS or Windows), or by making the corresponding selection in the graphical user interface. unlink normally removes only the entry in the directory of the file system concerned, i.e. ultimately just the inode. The user data are still present and can be read out using the simplest of means. The freed storage space is available when new data is to be stored in the file system, but its contents can still be reconstructed using elaborate methods.

Background

The use of Wipe is always recommended when sensitive data should not fall into the hands of others. The Wipe manpage even recommends wiping all private data from notebooks before they are handed in for repair. The same applies to the sale of hard disks with formerly important content (the hard disk as a whole can, however, be overwritten several times with data, e.g. by using the Unix command dd).

Limits of Wipe

Wipe depends crucially on the structure of the file system. Older systems, such as the Ext2 used under Linux or the FAT and FAT32 known from Windows / DOS, do not cause any problems in connection with Wipe, as they do not keep a journal of file system transactions. So-called journaling file systems, such as ReiserFS or Ext3, keep records of the write operations carried out so that a time-consuming search for errors in the file system can be avoided in the event of an error. Data from the files to be deleted can, however, be stored in this journal. Wipe is not able to change the journal, because this requires a profound intervention in the driver structure of the file system at the kernel level. For this reason, Wipe's mode of operation in journaling file systems can only be implemented by the file system driver.

Another problem is the reserve blocks that the storage controller uses when the error rate in a block in use exceeds a critical limit: the controller copies the data from the affected block into a reserve block and from then on uses only the reserve block in place of the original. With IDE hard drives this happens transparently to the application software, so that not even the interface drivers to the hardware know about the process. The data left in the original block can therefore no longer be overwritten. This is the case not only with hard drives but also with many other storage media, for example the MultiMediaCard (MMC). With hard disks this can be monitored by reading out the number of defective blocks, for example under Linux and under Cygwin / MS Windows for the first HDD/SSD using

smartctl -a /dev/sda | awk '/Reallocated_S/{ print $10 }'

but it cannot be prevented.

A more recent problem is that on data storage media such as most flash memories, so-called wear-leveling algorithms ensure that when existing data is overwritten, the new data is stored at a different physical address in the memory. This takes away the ability of programs such as Wipe to overwrite specific data on the medium. Secure deletion of this kind is therefore also no longer possible on flash memories with, for example, a FAT32 file system.
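The three limits described in this section (journal, remapped reserve blocks, wear leveling) can be checked before relying on an in-place overwrite. The following shell sketch is an added example, not part of Wipe or of the original article; the function names and the sample smartctl table are constructed, and the list of journaling file systems beyond Ext3 and ReiserFS is an addition of this example.

```shell
#!/bin/sh
# Added example: flag the limits of in-place overwriting before using Wipe.
# Function names and SAMPLE_SMART are constructed for this illustration.

# File systems that keep a journal. ext3 and reiserfs are named in the text;
# ext4, jfs, xfs and ntfs are added here as further journaling file systems.
fs_keeps_journal() {
    case "$1" in
        ext3|ext4|reiserfs|jfs|xfs|ntfs) return 0 ;;
        *) return 1 ;;   # e.g. ext2, vfat (FAT/FAT32)
    esac
}

# Read `smartctl -a` output on stdin and print the raw reallocated-sector count.
reallocated_sectors() {
    awk '/Reallocated_S/ { print $10; found = 1 }
         END { if (!found) print "unknown" }'
}

# Args: file system type, rotational flag (0 = flash/SSD), reallocated count.
# Prints the limits that apply, separated by spaces, or "none".
wipe_limits() {
    _out=""
    fs_keeps_journal "$1" && _out="$_out journal"
    [ "$2" = "0" ] && _out="$_out wear-leveling"
    case "$3" in
        ''|*[!0-9]*) _out="$_out smart-unknown" ;;   # no usable SMART value
        0) ;;                                        # no blocks remapped so far
        *) _out="$_out remapped-blocks" ;;           # old copies sit in retired blocks
    esac
    _out=${_out# }
    echo "${_out:-none}"
}

# Constructed smartctl attribute table (not captured from a real drive).
SAMPLE_SMART='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   198   198   140    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6871'

count=$(printf '%s\n' "$SAMPLE_SMART" | reallocated_sectors)
echo "ext2 on a healthy hard disk:         $(wipe_limits ext2 1 0)"
echo "ext3 on a disk with remapped blocks: $(wipe_limits ext3 1 "$count")"
echo "FAT32 on a flash card:               $(wipe_limits vfat 0 0)"
```

On a live Linux system the three arguments can be taken from findmnt -no FSTYPE -T FILE, from /sys/block/DISK/queue/rotational and from the smartctl command shown above, where FILE and DISK are placeholders.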

Alternatives

Shred is a very similar program with a comparable range of functions. It cannot overwrite directories, but as a member of the GNU Core Utilities it is preinstalled in every Linux distribution.
