Better way to wipe Flash media
|QA Check:||Info Needed||Blueprint:|
|Type of work:||Communicate||Affected tool:|
As pointed out in the forum, former versions of our documentation on secure deletion, was wrongly stating that overwriting twice the available diskspace [on a USB or solid-state drive] is usually, but not always, sufficient to securely clean the drive.
This basically says that in order to securely delete a file from a USB you could delete the file and then the run "Wipe available diskspace" even if you have other files on the volume. Which is wrong according to the paper by Wei & al..
We could propose to wipe the entire device and then reformat it. But
srm doesn't seem to run on block devices: I get "Warning: /dev/sdc is not a regular file, rename/unlink only!". On the other hand
shred seems to work as usual. It is included in Tails but doesn't have a graphical interface.
So we cannot document a GUI procedure to truly wipe a USB stick at the moment.
The documentation was fixed in June.
Now that the plans for nautilus-wipe to be based on diskscrub are abandoned, the most sensible way to fix this would probably be:
- add an option to wipe with 3 random passes, rather than a mere zero one, to the udisks Format method
- add access to this feature from Palimpsest, which seems a more appropriate place to trigger destructive operations at the block device level than a Nautilus extension
Next thing to do: report this as wishlist tickets upstream.
- Assignee set to spriver
- QA Check set to Info Needed
I tested GNOME Disks "Format Disk... → Erase" option on a USB stick and it indeed overwrite the entire device. So we might have a solution here. Still, we need to check whether doing one pass only (zeroes) is enough on flash media (reading the paper by Wei & al again as a start). And then adapt /doc/encryption_and_privacy/secure_deletion.html.
spriver: do you want to have a look?