8

There are many third-party tools people have designed to perform secure deletion, but I don't know of any filesystems where secure deletion is built in. In fact, secure deletion has to work around features of filesystems like journaling that (inadvertently) make secure deletion more difficult. Are there any filesystems that allow secure deletion as a feature?

My own research revealed a set of patches to ext4 by an Allison Henderson, but the last references I can find for this are from 2011. They appear to be not perfect, but far better than the complete non-wipe that happens in most, if not all, modern filesystems.

Steve Sether
  • 2
    OSX has this feature built into the empty trash utility, but I'm not sure that it's part of the filesystem itself – KDEx Dec 29 '14 at 23:09
  • 1
    To correctly implement file shredding, knowledge about the underlying physical device is necessary (especially wiping SSDs is tricky business). I doubt such complicated and ephemeral logic can effectively be squeezed into something as small and rock-solid as a filesystem. – Agent_L Jan 02 '15 at 14:27

2 Answers

10

NTFS sort of does if you include The Encrypting File System as part of it.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS

Secure deletion is supported by cipher.exe:

You can use the Windows Cipher utility (with the /W option) to wipe free space including that which still contains deleted plaintext files

And on the Microsoft page:

Cipher.exe is a command-line tool... that provides the ability to permanently overwrite (or "wipe") all of the deleted data on a hard disk. This feature improves security by ensuring that even an attacker who gained complete physical control of a Windows 2000 computer would be unable to recover previously-deleted data.

This would still require a two step operation in order to remove files securely:

del c:\foo\bar.txt
cipher /w:c:\foo

Therefore this would not work with applications that deleted files as part of their operation unless cipher was manually run later. You could, however, schedule cipher /w:c:\ to run on a regular basis in order to wipe deleted files from the disk.

SilverlightFox
4

Secure deletion is generally built indirectly:

  • Encrypt the data with a randomly-generated key.
  • Store the key in a single place (perhaps itself encrypted with a key derived from a password).

Then, instead of deleting all the bits of the data, the secure deletion process only needs to ensure that it wipes the key.

This allows the key file to be stored on a different media type than the file data, for example the file data can be on a hard disk or SSD and the key data on a smaller but more secure device such as a removable flash drive (which you always carry with you) or a smartcard (which makes extracting the key difficult). To destroy the key, it is enough to wipe or destroy the small, cheap media containing the key.

This setup is easy to arrange at the whole-filesystem level (for example, LUKS under Linux can work with a keyfile stored on different media or with a password that is stored on an OpenPGP smartcard), but I don't know of any ready-made solution at a per-file level.

It's not very convenient, but you can build something with encfs under Linux. Encfs encrypts a directory tree with a key that is stored in a file (.encfs6.xml at the root of the encrypted tree). You can move this file to another storage device (which can be read-only) and create a symbolic link. Then you can effectively wipe the encrypted tree by destroying or wiping the device containing the key. The key file only needs to be written once, so as long as you use a filesystem that doesn't reallocate blocks (e.g. ext2), overwriting the file in place is enough to wipe the prior content (at least at the logical level; flash drives do their own block reallocation so it may still be possible to recover the data by taking the drive apart to bypass the controller).

Gilles 'SO- stop being evil'
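
The key-wipe scheme from the answer above, applied per file, as an added example that is not part of the original post: each file is sealed with AES-256-GCM under its own random key using Node's built-in crypto module, and deletion zeroes only the key file. The function names, file names and temp directory are assumptions made for the illustration.

```javascript
// Added illustration; seal/unseal/destroyKey and all paths are hypothetical.
const crypto = require('crypto'), fs = require('fs');
const os = require('os'), path = require('path');

const KEY_LEN = 32, NONCE_LEN = 12, TAG_LEN = 16; // AES-256-GCM sizes

// Encrypt under a fresh random key. The key alone goes to keyPath (the small
// separate device); nonce || tag || ciphertext goes to dataPath (bulk disk).
function seal(dataPath, keyPath, plaintext) {
  const key = crypto.randomBytes(KEY_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  fs.writeFileSync(keyPath, key, { mode: 0o600 });
  fs.writeFileSync(dataPath, Buffer.concat([nonce, c.getAuthTag(), body]));
}

// Decrypt with whatever bytes keyPath holds now; throws if the GCM tag fails.
function unseal(dataPath, keyPath) {
  const key = fs.readFileSync(keyPath);
  const blob = fs.readFileSync(dataPath);
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, NONCE_LEN));
  d.setAuthTag(blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  return Buffer.concat([d.update(blob.subarray(NONCE_LEN + TAG_LEN)), d.final()]);
}

// Overwrite the key in place (no truncate, no rename) and flush it. This only
// reaches the old blocks on storage that does not reallocate them.
function destroyKey(keyPath) {
  const fd = fs.openSync(keyPath, 'r+');
  try {
    fs.writeSync(fd, Buffer.alloc(KEY_LEN), 0, KEY_LEN, 0);
    fs.fsyncSync(fd);
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed sample data; one temp directory stands in for the two devices.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'crypto-erase-'));
  const data = path.join(dir, 'bulk.bin'), key = path.join(dir, 'key.bin');
  seal(data, key, Buffer.from('constructed sample secret'));
  const before = unseal(data, key).toString();
  destroyKey(key);
  let after = 'recovered';
  try { unseal(data, key); } catch { after = 'unrecoverable'; }
  return { before, after, ciphertextKept: fs.existsSync(data) };
}

console.log(demo());
```

The ciphertext file is left untouched on the bulk disk; only the 32-byte key file is overwritten, which is the part that has to live on storage you can reliably wipe or destroy.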