Using "shred" to Securely Delete Files

When you use the "rm" utility, you may think that you're deleting a file, but you're not. All you're doing is removing the directory entry that points to the file's inode. The file's data blocks are still on the hard drive, and can still be recovered, as long as you don't overwrite the space they occupy with another file. (Even then, recovery experts still might be able to retrieve it.)

If you have sensitive files that you need to delete, consider using "shred". This handy utility overwrites a file with gibberish multiple times and, optionally, deletes it afterwards. To see how this works, let's create the "secret.txt" file.

Use shred at your own risk: it can lead to serious problems! shred may not work correctly on JFS, XFS, EXT3, NFS or RAID systems, because journaled file systems (and similar storage layers) may write the new data somewhere other than the file's original blocks, which may allow the reconstruction of the file.
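Before relying on shred, a practitioner will want to know what kind of file system a file actually lives on. The following check is added here as an example (it is not part of the page or of GNU coreutils): it parses /proc/mounts, finds the mount that holds the path, and flags the cases the warning above lists, plus two assumptions of mine: the data=journal mount option (the mode in which ext3 journals file data, not just metadata) and Linux software-RAID devices named /dev/mdN.

```python
import os

# File system types the page's warning names: shred overwrites a file's blocks
# in place, and these may put the new data elsewhere, leaving the old blocks.
UNSAFE_FSTYPES = {"jfs", "xfs", "ext3", "nfs", "nfs4"}

def parse_mounts(text):
    """Parse /proc/mounts text into (mountpoint, fstype, device, options) tuples."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            dev, mnt, fstype, opts = parts[:4]
            mounts.append((mnt, fstype, dev, set(opts.split(","))))
    return mounts

def mount_for(path, mounts):
    """Return the mount entry whose mountpoint is the longest prefix of path."""
    path = os.path.abspath(path)
    best = None
    for m in mounts:
        mnt = m[0]
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) > len(best[0]):
                best = m
    return best

def shred_caveats(path, mounts):
    """List the reasons an in-place overwrite may not reach the original data."""
    m = mount_for(path, mounts)
    if m is None:
        return ["no mount entry found for path"]
    mnt, fstype, dev, opts = m
    reasons = []
    if fstype in UNSAFE_FSTYPES:
        reasons.append(f"{fstype} file system at {mnt}")
    if "data=journal" in opts:                  # assumption: ext3/ext4 journaling file data
        reasons.append(f"data=journal mount option at {mnt}")
    if os.path.basename(dev).startswith("md"):  # assumption: Linux software RAID (/dev/mdN)
        reasons.append(f"RAID device {dev}")
    return reasons

def check_path(path, mounts_text=None):
    """Run the caveat check against /proc/mounts, or against supplied mount text."""
    if mounts_text is None:
        with open("/proc/mounts") as f:
            mounts_text = f.read()
    return shred_caveats(path, parse_mounts(mounts_text))
```

An empty list means none of the page's caveats apply to that mount; anything else is a reason to treat shred's overwrite as unreliable for that file.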

cat > secret.txt

This is a secret file. Nobody but me is to read it.

We can use "less" to read this file, the same as we would any other text file.

less secret.txt

This is a secret file. Nobody but me is to read it.

Now, we've finished with the file, and want to render it useless to anyone else. If we use "shred" without any option switches, we won't delete the file, but we will overwrite it with gibberish.

shred secret.txt

less secret.txt
"secret.txt" may be a binary file. See it anyway?

The output will look something like:

^Dm<A4><E0><A6><CE>R<D8><EB>m^A<AF><B2><C6>A'DLn<CE>^T<D5><C8><DE>¹<85><F0><8B>ƍ<AB>J<C3>o<FF>¯&<B5><E9><F3>(<U+A8B6>

<U+AF267>lE<A1><AB><A4><DC><F6><E8><8E><E7>N<9B><EA>މ^U<B5>JlG<AB>BN^? %<E2>Q^K[$<92>c'$<ED> ^\V<F5>Y~<F3>vJ<8D><BD><87> <93><8D>^^^^<FA>^\<A7><E5>S~W<ED>hդ<AE><B1><95>^B}k[C<F1>`j#<AA><A2><A8>_<EB><99>j<8E><D7>q^V6<9C>6<D0>)=<BC><A9>5<A1>(6zG

<DA>^@r<91>V'u<97>}<B7>>֤<B8><91><94>%<AA>&5<BE>^E i<B3>l^M<C1>^^⊿ܟxT<9F><C6><E5>n<F1>^Z<B6>P<CB><FD><E1><83><<EA>u9g9<E8>+

^W<92>D<C8><C7>/^@ ^Fx^<E0>0|<99>smJ<F5>^@^T<FC>lz<A0><CF><U+A90B>^_<A0>1^]A^X+<97><B2><9B>x^G<FB><81>ܛ9<D1>Jw<F1>f^W<CC><C7>t^N<EC>^F^T=;͔<F5>!^V<A5>tgs<D1>x<A4><B7>^UC<92>Z^F/^G<CE>3<D5>Z<AE>^Z<D5>y<C8><E1>

secret.txt

 

So, you can see that the file is no longer very useful.

If you want to both overwrite the file with gibberish, and then delete it, use the "-u" option.

shred -u secret.txt

less secret.txt
secret.txt: No such file or directory

If you want verbose output, so that you can see exactly what "shred" is doing for you, use the "-v" switch.

shred -u -v secret.txt
shred: secret.txt: pass 1/25 (random)...
shred: secret.txt: pass 2/25 (aaaaaa)...
shred: secret.txt: pass 3/25 (444444)...
shred: secret.txt: pass 4/25 (db6db6)...
shred: secret.txt: pass 5/25 (111111)...
shred: secret.txt: pass 6/25 (dddddd)...
shred: secret.txt: pass 7/25 (888888)...
shred: secret.txt: pass 8/25 (eeeeee)...
shred: secret.txt: pass 9/25 (000000)...
shred: secret.txt: pass 10/25 (924924)...
shred: secret.txt: pass 11/25 (249249)...
shred: secret.txt: pass 12/25 (bbbbbb)...
shred: secret.txt: pass 13/25 (random)...
shred: secret.txt: pass 14/25 (ffffff)...
shred: secret.txt: pass 15/25 (222222)...
shred: secret.txt: pass 16/25 (555555)...
shred: secret.txt: pass 17/25 (333333)...
shred: secret.txt: pass 18/25 (666666)...
shred: secret.txt: pass 19/25 (999999)...
shred: secret.txt: pass 20/25 (cccccc)...
shred: secret.txt: pass 21/25 (492492)...
shred: secret.txt: pass 22/25 (6db6db)...
shred: secret.txt: pass 23/25 (b6db6d)...
shred: secret.txt: pass 24/25 (777777)...
shred: secret.txt: pass 25/25 (random)...
shred: secret.txt: removing
shred: secret.txt: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: secret.txt: removed

By default, the "shred" shown here overwrites the file with 25 sets of gibberish data (newer GNU coreutils releases default to 3 passes). If you're extra paranoid about your data security, you may want to use a few extra passes. For this, use the "-n" switch, followed by the number of passes you want to make.

shred -u -v -n 40 secret.txt
shred: secret.txt: pass 1/40 (random)...
shred: secret.txt: pass 2/40 (c92492)...
shred: secret.txt: pass 3/40 (444444)...
shred: secret.txt: pass 4/40 (666666)...
shred: secret.txt: pass 5/40 (4ccccc)...
shred: secret.txt: pass 6/40 (36db6d)...
shred: secret.txt: pass 7/40 (bbbbbb)...
shred: secret.txt: pass 8/40 (cccccc)...
shred: secret.txt: pass 9/40 (800000)...
shred: secret.txt: pass 10/40 (d55555)...
shred: secret.txt: pass 11/40 (6db6db)...
shred: secret.txt: pass 12/40 (924924)...
shred: secret.txt: pass 13/40 (249249)...
shred: secret.txt: pass 14/40 (random)...
shred: secret.txt: pass 15/40 (2aaaaa)...
shred: secret.txt: pass 16/40 (f77777)...
shred: secret.txt: pass 17/40 (eeeeee)...
shred: secret.txt: pass 18/40 (333333)...
shred: secret.txt: pass 19/40 (492492)...
shred: secret.txt: pass 20/40 (db6db6)...
shred: secret.txt: pass 21/40 (888888)...
shred: secret.txt: pass 22/40 (ffffff)...
shred: secret.txt: pass 23/40 (555555)...
shred: secret.txt: pass 24/40 (dddddd)...
shred: secret.txt: pass 25/40 (edb6db)...
shred: secret.txt: pass 26/40 (aaaaaa)...
shred: secret.txt: pass 27/40 (random)...
shred: secret.txt: pass 28/40 (000000)...
shred: secret.txt: pass 29/40 (5b6db6)...
shred: secret.txt: pass 30/40 (111111)...
shred: secret.txt: pass 31/40 (a49249)...
shred: secret.txt: pass 32/40 (b6db6d)...
shred: secret.txt: pass 33/40 (124924)...
shred: secret.txt: pass 34/40 (e66666)...
shred: secret.txt: pass 35/40 (222222)...
shred: secret.txt: pass 36/40 (7fffff)...
shred: secret.txt: pass 37/40 (3bbbbb)...
shred: secret.txt: pass 38/40 (999999)...
shred: secret.txt: pass 39/40 (777777)...
shred: secret.txt: pass 40/40 (random)...
shred: secret.txt: removing
shred: secret.txt: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: secret.txt: removed

The "-z" option tells "shred" to perform one extra pass, writing all zeroes to the file.

shred -v -z secret.txt
shred: secret.txt: pass 1/26 (random)...
shred: secret.txt: pass 2/26 (bbbbbb)...
shred: secret.txt: pass 3/26 (888888)...
shred: secret.txt: pass 4/26 (dddddd)...
shred: secret.txt: pass 5/26 (6db6db)...
shred: secret.txt: pass 6/26 (924924)...
shred: secret.txt: pass 7/26 (cccccc)...
shred: secret.txt: pass 8/26 (249249)...
shred: secret.txt: pass 9/26 (333333)...
shred: secret.txt: pass 10/26 (444444)...
shred: secret.txt: pass 11/26 (b6db6d)...
shred: secret.txt: pass 12/26 (eeeeee)...
shred: secret.txt: pass 13/26 (random)...
shred: secret.txt: pass 14/26 (000000)...
shred: secret.txt: pass 15/26 (111111)...
shred: secret.txt: pass 16/26 (db6db6)...
shred: secret.txt: pass 17/26 (492492)...
shred: secret.txt: pass 18/26 (666666)...
shred: secret.txt: pass 19/26 (999999)...
shred: secret.txt: pass 20/26 (777777)...
shred: secret.txt: pass 21/26 (222222)...
shred: secret.txt: pass 22/26 (555555)...
shred: secret.txt: pass 23/26 (ffffff)...
shred: secret.txt: pass 24/26 (aaaaaa)...
shred: secret.txt: pass 25/26 (random)...
shred: secret.txt: pass 26/26 (000000)...

(Of course, you can also combine the "-z" and "-u" options.)
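The verbose runs above show, step by step, what shred does: a mix of random and fixed-pattern passes (25 here, changed with "-n"), an optional final all-zero pass ("-z"), and for "-u" a rename through ever-shorter names of zeroes before the unlink. The following Python reimplementation of that sequence is added as an example; it is not the page's code or GNU coreutils' code. It simplifies the placement of the random passes to first, middle and last (real shred spreads extra random passes and shuffles the pattern order on every run), and takes its 22 patterns from the first 25-pass run printed above.

```python
import os
import secrets

# The 22 fixed 3-byte patterns shred prints in its verbose output, in the
# order of the first 25-pass run shown on the page.
PATTERNS = [bytes.fromhex(h) for h in (
    "aaaaaa 444444 db6db6 111111 dddddd 888888 eeeeee 000000 924924 249249 bbbbbb "
    "ffffff 222222 555555 333333 666666 999999 cccccc 492492 6db6db b6db6d 777777").split()]

def pass_plan(n_passes, zero_last=False):
    """Passes as 3-byte patterns; b'' marks a random pass (first, middle, last)."""
    plan, k = [], 0
    for i in range(n_passes):
        if i in (0, n_passes // 2, n_passes - 1):
            plan.append(b"")
        else:
            plan.append(PATTERNS[k % len(PATTERNS)])
            k += 1
    if zero_last:                                   # -z: one extra pass of all zeroes
        plan.append(b"\x00\x00\x00")
    return plan

def overwrite(path, n_passes=25, zero_last=False, chunk=48 * 1024):
    """Rewrite every byte of the file in place once per pass, fsyncing each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pat in pass_plan(n_passes, zero_last):
            f.seek(0)
            for off in range(0, size, chunk):       # chunk is a multiple of 3, so the
                n = min(chunk, size - off)          # 3-byte patterns tile evenly
                f.write(secrets.token_bytes(n) if pat == b"" else (pat * (n // 3 + 1))[:n])
            f.flush()
            os.fsync(f.fileno())                    # push this pass out to the device

def shred(path, n_passes=25, zero_last=False, remove=False):
    """Overwrite the file; with remove=True (-u) also rename down to '0' and unlink."""
    overwrite(path, n_passes, zero_last)
    if not remove:
        return path
    d, cur = os.path.dirname(path) or ".", path
    for length in range(len(os.path.basename(path)), 0, -1):
        new = os.path.join(d, "0" * length)         # secret.txt -> 0000000000 -> ... -> 0
        if not os.path.lexists(new):                # skip a name another file already has
            os.rename(cur, new)
            cur = new
    os.unlink(cur)
    return None
```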

If you need to work with a file that has had its write permissions removed, you can use the "-f" option. This way, you can eliminate the step of having to change permissions settings on the file just so you can get rid of it.

chmod a-w secret.txt

ls -l secret.txt
-r--r--r-- 1 donnie donnie 28 2008-02-15 18:15 secret.txt

shred -v -f -u secret.txt
shred: secret.txt: pass 1/25 (random)...
shred: secret.txt: pass 2/25 (db6db6)...
shred: secret.txt: pass 3/25 (333333)...
shred: secret.txt: pass 4/25 (b6db6d)...
shred: secret.txt: pass 5/25 (444444)...
shred: secret.txt: pass 6/25 (777777)...
shred: secret.txt: pass 7/25 (eeeeee)...
shred: secret.txt: pass 8/25 (999999)...
shred: secret.txt: pass 9/25 (bbbbbb)...
shred: secret.txt: pass 10/25 (555555)...
shred: secret.txt: pass 11/25 (dddddd)...
shred: secret.txt: pass 12/25 (666666)...
shred: secret.txt: pass 13/25 (random)...
shred: secret.txt: pass 14/25 (6db6db)...
shred: secret.txt: pass 15/25 (111111)...
shred: secret.txt: pass 16/25 (000000)...
shred: secret.txt: pass 17/25 (249249)...
shred: secret.txt: pass 18/25 (222222)...
shred: secret.txt: pass 19/25 (492492)...
shred: secret.txt: pass 20/25 (924924)...
shred: secret.txt: pass 21/25 (ffffff)...
shred: secret.txt: pass 22/25 (cccccc)...
shred: secret.txt: pass 23/25 (888888)...
shred: secret.txt: pass 24/25 (aaaaaa)...
shred: secret.txt: pass 25/25 (random)...
shred: secret.txt: removing
shred: secret.txt: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: secret.txt: removed

less secret.txt
secret.txt: No such file or directory

You can also use "shred" to securely overwrite the contents of entire disks. For this, though, you don't want to use the "-u" option. Otherwise, you'll also destroy the disk's filesystem, and you'll then have to reformat it. Let's say you want to securely overwrite a floppy drive 50 times.

shred -n 50 /dev/fd0

After you do this, you can use "rm" to delete the files as you normally would.

Using "shred" can make files extremely difficult, if not downright impossible, for even experts to recover. You can use it not only for text files, but also for graphics files, audio files, etc. It's part of GNU coreutils, so it's already installed on your Linux system and easy to add to your security toolkit.