Am Donnerstag 17 Juni 2010 schrieb Michael Lange:
> Und aus http://wiki.ubuntuusers.de/wipe entnehme ich
>
> Wipe ist ein Kommandozeilenprogramm zum sicheren Löschen und
> Überschreiben von Dateien, Ordnern und Device-Files (wie zum
> Beispiel Partitionen). Dateien, die auf diese Weise entfernt
> werden, können selbst mit forensischen Methoden der Spezialisten nicht
> mehr wiederhergestellt werden und sind unwiderruflich zerstört. Im
> Unterschied zu shred kann Wipe auch Ordner löschen und bietet ein paar
> mehr Einstellungsmöglichkeiten.
>
> was nahelegt, dass der Vorposter doch prinzipiell recht hat.
Nope. Siehe meine Erklärungen dazu. Und die Manpage von wipe:
NOTE ABOUT JOURNALING FILESYSTEMS AND SOME RECOMMENDATIONS (JUNE
2004)
Journaling filesystems (such as Ext3 or ReiserFS) are now
being used by default by most Linux distributions. No
secure deletion program that does filesystem-level calls
can sanitize files on such filesystems, because sensitive
data and metadata can be written to the journal, which can‐
not be readily accessed. Per-file secure deletion is bet‐
ter implemented in the operating system.
[...]
Be aware that harddisks are quite intelligent beasts those
days. They transparently remap defective blocks. This
means that the disk can keep an albeit corrupted (maybe
slightly) but inaccessible and unerasable copy of some of
your data. Modern disks are said to have about 100% trans‐
parent remapping capacity. You can have a look at recent
discussions on Slashdot.
[... Verschwörungstheoretische Überlegungen ...]
IMPORTANT WARNING -- READ CAREFULLY
[...]
Similarly, we cannot guarantee that wipe will actually
erase data, or that wiped data is not recoverable by
advanced means. So if nasties get your secrets because you
sold a wiped harddisk to someone you don't know, well, too
bad for you.
[...]
The best way to sanitize a storage medium is to subject it
to temperatures exceeding 1500K. As a cheap alternative,
you might use wipe at your own risk. Be aware that it is
very difficult to assess whether running wipe on a given
file will actually wipe it -- it depends on an awful lot of
factors, such as : the type of file system the file resides
on (in particular, whether the file system is a journaling
one or not), the type of storage medium used, and the least
significant bit of the phase of the moon.
Wiping over NFS or over a journalling filesystem (ReiserFS
etc.) will most probably not work.
Therefore I strongly recommend to call wipe directly on the
corresponding block device with the appropriate options.
However THIS IS AN EXTREMELY DANGEROUS THING TO DO. Be
sure to be sober. Give the right options. In particular :
don't wipe a whole harddisk (eg. wipe -kD /dev/hda is bad)
since this will destroy your master boot record. Bad idea.
Prefer wiping partitions (eg. wipe -kD /dev/hda2) is good,
provided, of course, that you have backed up all necessary
data.
Das geht also ganz in die Richtung meiner Überlegungen, dass es gar nicht
so leicht ist, zu sagen, ob wipe die Daten wirklich an Ort und Stelle
überschreibt und ob es keine anderen Kopien durch Remapping defekter
Blöcke und Ähnliches gibt.
Ciao,
--
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7
Attachment:
signature.asc
Description: This is a digitally signed message part.