Using find, it is easy to shred a directory's contents recursively (as discussed in this question). However, sometimes the filenames on their own carry sensitive information already. Is there a way to shred everything associated with some file/directory, i.e. it overwrites both file contents and file/directory names in each cycle?
Shredding everything: files/folders and corresponding filenames
filesSecurity
Best Answer
shredis mostly useless. In order to remove the content of a deleted file from the disk image, it isn't enough to overwrite the places where the file was: you need to remove all copies of the file. It's not just a matter of the file having been overwritten in place. With many types of files, there can have been multiple files with mostly the same content, because the file was edited and there are deleted backup copies left around.Additionally, if the disk becomes damaged, it may be impossible to read the data by software means, but still possible to recover it by hardware means, or by letting the disk cool down (putting a hard disk in a freezer makes it less error-prone for a little while, until it finally gives up the ghost).
The safe way to shred a file is to store it from the start inside an encrypted container protected by a strong password (generate a long enough, random password, and write it down; when you're finished with the file, burn the piece of paper). Scrub your filesystem completely (back up the data, then overwrite it with zeroes), then create an ecryptfs container and restore your files. Don't forget to scrub the backup once you're sure the restoration was successful, or stow the backup in a secure place.