When you delete files from disk, you are not deleting your data! All that is removed is an entry in a directory, telling where your data is. Utilities like Norton's Disk Doctor, and lots of others, can pretty easily undelete your files. (Did you read the footnotes in the Starr report? Some of the evidence in that report came from "deleted emails".)

I use secure file deletion all the time. My company-issued laptop contains private emails, as well as sensitive financial information. Although my boss is unlikely to undelete and read that stuff, I believe in taking the same precautions with electronic information as I would with information on paper (which I always shred--even the junkmail).

For two years or so, I've used a simple shell script for erasing files. The script was published in the Linux Gazette as a "2-cent tip" entitled Binary File Access with dd. Although the script was adequate, I've grown tired of its pitiful slowness.

Enter fwipe. fwipe implements the same concept in C, and runs at least 30 times faster than the shell script. It was designed with security in mind: fwipe0, which actually erases your files, is immune to filenames containing spaces, carriage returns, dashes, or any other special characters (see the man page). You can use it in place of rm in cron jobs, together with "find ... -print0". The output of fwipe0 is specially designed to be parsed easily by machine, so it can be embedded in other applications which need secure file erasure.

One such application is Dan Bernstein's serialmail. You can use serialmail plus fwipe0 to securely erase the contents of a maildir with the command:


      maildirserial dir prefix fwipe0 -n
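
The overwrite-before-unlink idea described above, as an added example in C (not fwipe's source code). The names wipe_file and overwrite_pass, the two-pass order (0x00 then 0xFF), the fsync(2) after each pass and the O_NOFOLLOW check are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Overwrite the first `len` bytes of fd with `pattern` using unbuffered
   write(2) calls, then push the data to the device with fsync(2). */
static int overwrite_pass(int fd, off_t len, unsigned char pattern)
{
    unsigned char buf[4096];
    memset(buf, pattern, sizeof buf);
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1) return -1;
    while (len > 0) {
        size_t want = len < (off_t)sizeof buf ? (size_t)len : sizeof buf;
        ssize_t n = write(fd, buf, want);
        if (n <= 0) return -1;          /* error or no progress */
        len -= n;
    }
    return fsync(fd);
}

/* Overwrite a regular file in place with 0 bits, then 1 bits, then unlink it.
   Returns 0 on success, -1 on failure (the directory entry is then kept). */
int wipe_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);  /* never wipe via a symlink */
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        overwrite_pass(fd, st.st_size, 0x00) < 0 ||
        overwrite_pass(fd, st.st_size, 0xFF) < 0) {
        close(fd);
        return -1;
    }
    if (close(fd) < 0) return -1;
    return unlink(path);
}

int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++)      /* each argv entry is one literal name */
        if (wipe_file(argv[i]) < 0) { perror(argv[i]); rc = 1; }
    return rc;
}
```

In-place overwriting only reaches the original blocks when the filesystem and the storage device write data back to the same location; journaling or copy-on-write filesystems and flash storage may keep older copies elsewhere.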

Getting fwipe

fwipe was last updated on Friday, April 13, 2001, to version 0.36. Changes: updated errno handling for current glibc.

Changes in 0.35: added RPM spec file.

Changes in 0.30: added "slowness" feature to reduce I/O load and improve console responsiveness during large wipes.

Changes in 0.25: switched to unbuffered writes to reduce CPU consumption; bugfix--now fwipe overwrites with 0's and 1's.

Download fwipe from this site (about 27K).

You can also see the lsm entry. Or get fwipe from the sunsite archive.

If you benefit from fwipe, please consider contributing.

Installation

	tar xvzf fwipe-VERSION.tar.gz
	cd fwipe-VERSION
	make
	make setup check
    

Licensing

fwipe is issued under the BSD license. Some of the source code for fwipe was borrowed from Dan Bernstein, who has not specified what license applies to his code. From his public remarks, I am confident that he doesn't care what is done with his code, as long as:

  1. Nobody thinks that Dan is responsible for your project,
  2. Nobody thinks that Dan endorses your use of his code, and
  3. Nobody bothers Dan about problems with your project, including code borrowed from him.

Note that these restrictions are really a restatement of the spirit of the BSD license. If you use any of my code, I don't want people bothering me, either! The BSD license, together with the DBD ("Don't Bother Dan") clause, is included in the fwipe distribution. You can also read it here.

Contact

Send any patches, bugs, complaints, free beer, etc to me. Len Budney lbudney@pobox.com

 



Len Budney
lbudney@pobox.com
Copyright © 1998 - 2004
Page generated: 20:26:43 09-Apr-2006