Document a GUI way to securely erase Flash media
As "pointed out in the forum":
https://tails.boum.org//forum/Wiping_Flash_Media:_Problem_in_TAILS_Doc/ (dead link, sorry), former versions of our documentation on secure deletion, was wrongly stating that overwriting twice the available diskspace [on a USB or solid-state drive] is usually, but not always, sufficient to securely clean the drive.
This basically says that in order to securely delete a file from a USB you could delete the file and then the run "Wipe available diskspace" even if you have other files on the volume. Which is wrong according to the paper by Wei & al..
We could propose to wipe the entire device and then reformat it. But
srm doesn't seem to run on block devices: I get "Warning: /dev/sdc is not a regular file, rename/unlink only!". On the other hand
shred seems to work as usual. It is included in Tails but doesn't have a graphical interface.
So we cannot document a GUI procedure to truly wipe a USB stick at the moment.
- Assignee set to spriver
- QA Check set to Info Needed
I tested GNOME Disks "Format Disk... → Erase" option on a USB stick and it indeed overwrite the entire device. So we might have a solution here. Still, we need to check whether doing one pass only (zeroes) is enough on flash media (reading the paper by Wei & al again as a start). And then adapt /doc/encryption_and_privacy/secure_deletion.html.
spriver: do you want to have a look?
- Subject changed from Better way to wipe Flash media to Document a GUI way to securely erase Flash media
- Easy changed from No to Yes
Actually as this ticket here is referenced onhttps://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html, I will close #8047.
Next steps: document the Wipe feature of GNOME Disks. Document the difference with the currently advertised option to "wipe available disk space" using a right click in Nautilus.
Spriver: are you interested in working on this? If not, please reassign to sajolida so that we can see what should be done. Thanks!
- Description updated (diff)
Previous part of description, for future reference but now unrelated:
Now that the plans for nautilus-wipe to be based on diskscrub are abandoned, the most sensible way to fix this would probably be:
- add an option to wipe with 3 random passes, rather than a mere zero one, to the udisks Format method
- add access to this feature from Palimpsest, which seems a more appropriate place to trigger destructive operations at the block device level than a Nautilus extension
Next thing to do: report this as wishlist tickets upstream.
-> I don't think this has been done and probably our current options are well researched, so this is not part of this ticket anymore.