shred (Unix)

shred is a Unix command that can be used to securely delete files and devices so that they can be recovered only with great difficulty with specialised hardware, if at all.¹ It is a part of GNU Core Utilities.

Background

For more details on this topic, see data erasure.

For efficiency, erasing a file usually only erases the file system entry and keeps the content of the file intact. This frequently allows the file to be recovered using commonly available software. Even if the file is overwritten, residual magnetic fields may allow data recovery using specialist hardware equipment. To prevent this, shred overwrites the file multiple times using patterns chosen to maximize destruction of the residual data.

Features

shred can be invoked either on ordinary files or on devices (such as hard disk partitions), which are represented as files in Unix. By default, the command overwrites the file three times with multiple patterns, but the number is user configurable. It has an option to do an additional final overwrite with zeroes, which may help to hide the fact that it was used.

By default, shred also shreds file slack (unused space in file allocations). For example, a 5 KB file on a file system with 4 KB clusters actually requires 8 KB of storage. Shred has an option to overwrite only the file itself, as well as an option to delete the file after it has completed operation.

Limitations

A limitation of shred when invoked on ordinary files is that it only overwrites the data in place without overwriting other copies of the file. Copies can manifest themselves in a variety of ways, such as through manual and automatic backups, file system snapshots, copy-on-write filesystems, wear leveling on flash drives, caching such as NFS caching, and journaling. All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks.

References

shred invocation, GNU Coreutils. Accessed February 3, 2009.
Shred and secure-delete, Free Software Magazine. November 29, 2008. Accessed February 3, 2009.
Secure Erase Definition, About.com. Accessed April 17, 2012.
How To Completely Erase a Hard Drive, About.com. Accessed April 17, 2012.

Notes

1.^ The data remanence article provides citations to publications that investigate the security of shredding.

Data erasure

Methods	Overwriting, degaussing, encryption and physical destruction Sanitization

Schemes	Gutmann method DoD 5220.22-M AFSSI-5020

Software	BCWipe BleachBit CCleaner Data Shredder Darik's Boot and Nuke dd Disk Utility Factory reset HDDerase Hdparm shred ShredIt srm TuneUp Utilities Zeero

Legal	Health Insurance Portability and Accountability Act Personal Information Protection and Electronic Documents Act Gramm–Leach–Bliley Act SB 1386 Sarbanes–Oxley Act

List of data erasing software

This article is issued from Wikipedia - version of the 5/6/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.