This command line tool is already installed from the core utilities in Ubuntu to securely erase and overwrite single files using the Gutmann method.
Fast shredding
shred -vzn 0 /dev/sdc1
erases whole partitions by overwriting everything with 0s in a single iteration. If no legal aspects require another procedure, doing so is most probably safe to securely delete your private data.
(from Craig Wright, Lecture Notes in Computer Science, 2008, 5352, 243-257)
Secure shredding
shred -vzn 3 /dev/sdc1
erases the whole partition using 3 iterations with random numbers. In addition (option -z) this writes zeros to hide the shredding process at the end. This will take 4 times longer than the fast method.
NOTE: By shredding a partition we will overwrite this partition with 0s or random numbers. It therefore efficiently deletes everything including file system caches on that partition forever. This can also be used to remove unwanted remnants of deleted files. Files we want to keep will have to be backed up before shredding.
More options, and the possibility of erasing directories in addition to single files, are offered by this command line utility.
wipe filename
wipe -r dirname
Additional notes on journaling file systems and SSDs:
Please read the notes in the linked manpages on security issues arising from still recoverable backups in journaling file systems when erasing single files. Overwriting whole partitions rather than single files will effectively erase all data even when using a journaling file system.
Erasing data on a solid state disk (SSD) can, if at all, only be done by overwriting the whole drive (not only single partitions) with several iterations. Some SSDs may have a built-in feature to erase data, but this may not always be efficient (see this link from comment). At present there is no general recommendation on the wiping process or the number of erase iterations needed to securely remove all data remnants on all SSDs available.
These options can be added in the context menu of Nautilus and Thunar.
- In Thunar, open "Edit" then "Configure Custom Actions"
- Add (the plus sign)
- Name: "Shred File"
- Description: whatever you like
- Action: "shred -u %f"
- Similarly for wipe.
- Select "Appearance Conditions" and select "Other Files"
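An added example, not part of the answer above: a small POSIX shell wrapper around the shred invocations shown there (`shred -vzn N target`) that reads the target back afterwards and confirms every byte is zero, which is the check you want before trusting a -z pass. The sample file it shreds is constructed test data standing in for /dev/sdc1; only coreutils (shred, tr, wc, head, mktemp) is assumed.

```shell
#!/bin/sh
# Verify that a file or block device reads back as all NUL bytes.
# Returns 0 when fully zeroed, 1 otherwise.
is_all_zeros() {
  # Strip every NUL byte and count what remains; 0 means nothing but zeros.
  nonzero=$(tr -d '\000' < "$1" | wc -c)
  [ "$nonzero" -eq 0 ]
}

# Run the same shred command as the answer (-n random passes, then -z zero
# pass) and verify the result by reading the target back.
# Return codes: 0 verified, 1 non-zero data remains, 2 shred itself failed.
shred_and_verify() {
  target=$1
  passes=${2:-0}
  shred -vzn "$passes" "$target" 2>/dev/null || return 2
  if is_all_zeros "$target"; then
    echo "verified: $target reads back as all zeros"
    return 0
  else
    echo "WARNING: $target still contains non-zero data" >&2
    return 1
  fi
}

# Constructed sample: a 1 MiB file of random bytes (assumed stand-in for
# /dev/sdc1) so the check can be exercised without touching a real disk.
demo() {
  tmp=$(mktemp) || return 2
  head -c 1048576 /dev/urandom > "$tmp"
  if is_all_zeros "$tmp"; then
    echo "sample data was unexpectedly all zeros" >&2
    rm -f "$tmp"
    return 1
  fi
  shred_and_verify "$tmp" 0   # the "fast shredding" variant from the answer
  rc=$?
  rm -f "$tmp"
  return $rc
}
```

Against a real partition the same functions need root and will take as long as the shred pass plus one full read of the device; do not run them on a mounted file system.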
The short answer is 'no'. When I wrote ecryptfs-setup-private, I chose a set of defaults for eCryptfs that I considered sensible, secure and supportable for millions of Ubuntu users who wouldn't care much about tunables over the long haul. This limited the number of configuration combinations we had to test and support.
As you've noted, eCryptfs is very configurable if you read the docs and mount manually, while the Ubuntu Encrypted Private/Home feature has a consistent set of options everywhere.
Moreover, Bruce Schneier has recommended against using AES256, in favor of AES128:
And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future.
Best Answer
You normally have all your private data in /home, especially browser cache and so on.
You might have private internet settings in /etc/Network-Manager. Visit /etc and look into the directories. Reconfigure your things, delete private data (WLAN key), and see if everything has vanished. If not, remove by hand. mc (midnight commander) is a useful tool to iterate through directories, to view and delete files (shred, see bottom).
Another directory with private data might be /var/spool or /var/cache. For example, the cups printer spooler produces summaries of print jobs, and the document name and date of the job can be reconstructed. Maybe you wish to clean them too.
Those files in /tmp get automatically deleted on every startup. So if you didn't reorganize things, which only you may know,
find . -delete
or, instead of -delete, you might consider shred:
find . -execdir shred -n 1 {} +
ls
If you consider cleaning empty space (@intuited's second advice, maybe we should donate a star?), it would be easier to use a live CD to shred the whole system (which can continue unattended) and then install a new one (needs about 45 minutes with few interactions, mostly in the beginning). This could in general be the faster solution. More than one shred iteration is nonsense.