Registered · 980 Posts · Discussion Starter #1
Since the mid-2000s I have been keeping my confidential client files/clinical notes/supervision notes/audio recordings in encrypted file containers, initially using TrueCrypt and more recently VeraCrypt. I do this just to keep my files safe from prying eyes and, if my laptop got stolen, to protect my clients. I am a Linux user.

When the time comes to delete those files, usually yearly, rather than deleting each individual folder/file one at a time, I create another encrypted file container, put the files I want to delete into that, and then use secure-delete to wipe the file like this:

srm -frvz (file name) Wipe mode is secure (38 special passes)

This only takes 3-4 minutes to delete a 1GB container file.

What I want to know is how safe this is?

Is it safer to secure-delete (srm) files in an encrypted file container or is it just the same as secure-deleting them individually outside of the container.

What happens when you secure-delete (srm) an encrypted container?

Do the shredded fragments remain in an encrypted state or do the fragments revert to a readable state that can be recovered using a recovery program

Many thanks and gratitude
 

Registered · 6,367 Posts
master of time and space said:
Do the shredded fragments remain in an encrypted state or do the fragments revert to a readable state that can be recovered using a recovery program
When you secure-delete anything, it's almost impossible to get it back, as all of the data is overwritten multiple times. Also, the data isn't reverted to a readable state, as that would imply that the data would be on the disk in a readable state or that it's decrypted before being deleted, neither of which makes sense. So even if someone were somehow able to recover (some of) the deleted data, it would still be encrypted.

master of time and space said:
Is it safer to secure-delete (srm) files in an encrypted file container or is it just the same as secure-deleting them individually outside of the container.
Double encrypting it doesn't significantly increase security, especially assuming you use the same encrypting mechanic twice.
 

Banned · 1,428 Posts
master of time and space said:
Is it safer to secure-delete (srm) files in an encrypted file container or is it just the same as secure-deleting them individually outside of the container
You should never store sensitive data unencrypted on a drive, neither before nor after it is encrypted on the fly in a Veracrypt volume.

The file deletion software doesn't know how the controller of your drive works, which is why you should apply maximum encryption to the data you want to delete by choosing the best password/pass phrase you can manage.

https://en.wikipedia.org/wiki/Password_strength

srm -frvz (file name) Wipe mode is secure (38 special passes)
So many passes don't seem to be necessary:

https://www.lifewire.com/gutmann-method-2625891

Do the shredded fragments remain in an encrypted state or do the fragments revert to a readable state that can be recovered using a recovery program
The fragments of the encrypted data are encrypted fragments, of course.


EFF: Secure Deletion on Solid-state Disks (SSDs), USB Flash Drives, and SD Cards

Unfortunately due to the way SSDs, USB flash drives, and SD cards work, it is difficult, if not impossible, to securely delete both individual files and free space. As a result your best bet in terms of protection is to use encryption—that way, even if the file is still on the disk, it will at least look like gibberish to anyone who gets ahold of it and can’t force you to decrypt it. At this point in time, we cannot provide a good general procedure that will definitely remove your data from an SSD. If you want to know why it’s so hard to delete data, read on.

As we mentioned above, SSDs and USB flash drives use a technique called wear leveling. At a high level, wear leveling works as follows. The space on every disk is divided into blocks, kind of like the pages in a book. When a file is written to disk, it’s assigned to a certain block or set of blocks (pages). If you wanted to overwrite the file then all you would have to do is tell the disk to overwrite those blocks. But in SSDs and USB drives, erasing and re-writing the same block can wear it out. Each block can only be erased and rewritten a limited number of times before that block just won’t work anymore (the same way if you keep writing and erasing with a pencil and paper, eventually the paper might rip and be useless).

To counteract this, SSDs and USB drives will try to make sure that the amount of times each block has been erased and rewritten is about the same, so that the drive will last as long as possible (thus the term wear leveling). As a side effect, sometimes instead of erasing and writing the block a file was originally stored on, the drive will instead leave that block alone, mark it as invalid, and just write the modified file to a different block. This is kind of like leaving the page in the book unchanged, writing the modified file on a different page, and then just updating the book’s table of contents to point to the new page. All of this occurs at a very low level in the electronics of the disk, so the operating system doesn’t even realize it’s happened. This means, however, that even if you try to overwrite a file, there’s no guarantee the drive will actually overwrite it—and that’s why secure deletion with SSDs is so much harder.
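An added example (not from the thread or from VeraCrypt/secure-delete) that models the two points made in the replies above: on a wear-levelled SSD an overwrite through the filesystem can leave the old block behind, whereas on a magnetic disk it replaces it; and a remnant of an encrypted container is still ciphertext, readable only with the key. The block sizes, the sample marker text, and the HMAC-SHA256 counter-mode cipher are all toy assumptions for the simulation (VeraCrypt uses XTS mode with a key derived from the passphrase); the drive classes are simplified models, not real device behaviour.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per block in this toy model; real flash pages are kilobytes

# Constructed sample content standing in for a client note; the string is only
# used as a marker to search for in the raw media afterwards.
MARKER = b"CLIENT-NOTES-2019"
KEY = os.urandom(32)     # stands in for the key derived from the VeraCrypt passphrase
NONCE = os.urandom(16)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher made from HMAC-SHA256 (an assumption for
    this demo; VeraCrypt actually uses XTS mode). Encrypts and decrypts alike."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


class HDD:
    """Magnetic disk: a logical block address (LBA) always lands on the same
    physical block, so an overwrite replaces the old bytes."""
    def __init__(self, blocks: int):
        self.media = [bytes(BLOCK)] * blocks

    def write(self, lba: int, data: bytes) -> None:
        self.media[lba] = data

    def raw(self) -> bytes:
        return b"".join(self.media)


class WearLevelledSSD:
    """Flash with wear levelling: each write goes to a fresh physical block and the
    mapping table is updated; the old block is merely marked invalid."""
    def __init__(self, blocks: int):
        self.media = [bytes(BLOCK)] * blocks
        self.l2p = {}        # logical -> physical map (the "table of contents")
        self.next_free = 0

    def write(self, lba: int, data: bytes) -> None:
        if self.next_free >= len(self.media):
            raise RuntimeError("toy model ran out of spare blocks")
        self.media[self.next_free] = data
        self.l2p[lba] = self.next_free   # old physical block is left untouched
        self.next_free += 1

    def raw(self) -> bytes:
        # What a forensic read of the raw flash chips would see, mapped or not
        return b"".join(self.media)


def store_then_overwrite(drive, payload: bytes, passes: int = 3) -> bytes:
    """Write payload at LBA 0.., then overwrite those LBAs `passes` times with
    random data, as srm/shred do through the filesystem. Returns the raw media."""
    chunks = [payload[i:i + BLOCK].ljust(BLOCK, b"\0")
              for i in range(0, len(payload), BLOCK)]
    for lba, chunk in enumerate(chunks):
        drive.write(lba, chunk)
    for _ in range(passes):
        for lba in range(len(chunks)):
            drive.write(lba, os.urandom(BLOCK))
    return drive.raw()


def plaintext_survives_on_hdd() -> bool:
    return MARKER in store_then_overwrite(HDD(64), MARKER)              # False


def plaintext_survives_on_ssd() -> bool:
    return MARKER in store_then_overwrite(WearLevelledSSD(64), MARKER)  # True


def ciphertext_readable_on_ssd() -> bool:
    ct = keystream_xor(KEY, NONCE, MARKER)
    return MARKER in store_then_overwrite(WearLevelledSSD(64), ct)      # False


def ciphertext_remnant_decrypts_with_key() -> bool:
    """The leftover block is still the container's ciphertext: whoever has the
    passphrase (key) can read it, which is why passphrase quality matters."""
    ct = keystream_xor(KEY, NONCE, MARKER)
    remnant = store_then_overwrite(WearLevelledSSD(64), ct)[:len(ct)]
    return keystream_xor(KEY, NONCE, remnant) == MARKER                 # True


if __name__ == "__main__":
    for fn in (plaintext_survives_on_hdd, plaintext_survives_on_ssd,
               ciphertext_readable_on_ssd, ciphertext_remnant_decrypts_with_key):
        print(f"{fn.__name__}: {fn()}")
```

The four checks show the practical conclusion: the number of overwrite passes does nothing for the block the SSD quietly moved, so what protects the remnant is that it was never written to the device in the clear, and the strength of the passphrase that guards the container key.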
 

Registered · 980 Posts · Discussion Starter #4
Superb

Thank you

I do use an 8-word passphrase selected randomly using the Diceware long word list. I have three passphrases that I have memorised to use when needed.

https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

I recommend everyone use passphrases and ditch passwords; passphrases are easy to remember and difficult to crack using brute force. Imagine how virtually impossible it would be to crack a 5-word passphrase on your wifi, something like: “alias atlas diary fetal label”. With the spaces between, you have a 29-letter passphrase. You just need a die, the word list and 10 minutes of your time.

I used to use a 36-digit password with random numbers, letters, upper case, lower case, special characters etc. What a nightmare to remember them if you don't use them very often.

All my sensitive files live permanently in the encrypted container and are never on the unencrypted part of the drive.

I cannot afford SSD drives so I am stuck with HDD drives for now. Not sure I want to upgrade because of the issues around secure deletion and recovery with SSDs. SSDs are great for gaming because of the speed though.
 

Registered · 3,790 Posts
Your method of only storing sensitive files in encrypted archives even when they are to be deleted sounds like a good way to deal with the issue.
Something to research: From my layperson's understanding, with SSD storage, a "secure enough delete" could probably be achieved by repeating the process of creating a semi-random file the size of ([free space]-5%) and deleting it a couple of times (in Unix-like systems this can be done either using openssl, or by using the dd command, pulling data from /dev/urandom), then letting TRIM do its job. As long as the sensitive data was never stored in unencrypted format, that should be OK.
Note, though, that unless you also do full-disk encryption (which you seem to do), you run the risk of data leakage by way of the temporary files created by the software with which you manipulate your sensitive data. Your office suite likely stores working copies of your documents in a temporary folder, for example.

And of course: With full-disk encryption, your volume doesn't necessarily become unreadable unless you fully turn your computer off. For example, eCryptfs in Ubuntu 16.04 suffers from a bug in systemd where only logging off doesn't always trigger the unmounting of your home directory (which should be the default behavior).
In other words: If you have a full-disk-encrypted laptop, don't just close the lid and expect your sensitive information to be secure.
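An added example, not from the thread, of the free-space procedure sketched in the post above (fill free space minus 5% with random data, delete it, repeat, then let TRIM run), written in Python instead of dd so the size rule is explicit and the write is checked. The 5% reserve, 1 MiB chunk size and the two rounds are the post's figures or assumptions of this example; fstrim is the real Linux utility and needs root and a TRIM-capable device, and the function simply reports whether it ran.

```python
import os
import shutil
import subprocess
import tempfile
from typing import List, Optional, Tuple

RESERVE = 0.05            # leave 5% free so the filesystem and other programs keep working
CHUNK = 1024 * 1024       # write in 1 MiB pieces of random data


def fill_size(free_bytes: int, reserve: float = RESERVE) -> int:
    """The post's rule: [free space] - 5%, rounded down to whole bytes."""
    return int(free_bytes * (1 - reserve))


def fill_free_space(directory: str, nbytes: Optional[int] = None) -> int:
    """Write nbytes of random data (default: fill_size of the current free space)
    into a temporary file in `directory`, fsync so the blocks reach the device,
    then unlink it. Returns the number of bytes written."""
    if nbytes is None:
        nbytes = fill_size(shutil.disk_usage(directory).free)
    fd, path = tempfile.mkstemp(prefix="wipe-", dir=directory)
    written = 0
    try:
        with os.fdopen(fd, "wb") as f:
            while written < nbytes:
                chunk = os.urandom(min(CHUNK, nbytes - written))
                f.write(chunk)
                written += len(chunk)
            f.flush()
            os.fsync(f.fileno())
    finally:
        os.unlink(path)          # always remove the filler, even on a full-disk error
    return written


def trim(mountpoint: str) -> bool:
    """Ask the kernel to discard unused blocks so the SSD can erase them.
    Requires root and a device that supports TRIM; returns False if it fails."""
    try:
        subprocess.run(["fstrim", "-v", mountpoint], check=True)
        return True
    except (OSError, subprocess.CalledProcessError):
        return False


def wipe_free_space(mountpoint: str, rounds: int = 2) -> List[int]:
    """The full procedure: fill and delete `rounds` times, then TRIM once."""
    sizes = [fill_free_space(mountpoint) for _ in range(rounds)]
    trim(mountpoint)
    return sizes


def demo(nbytes: int = 2 * CHUNK) -> Tuple[int, int]:
    """Self-contained check on a throwaway directory with a small fixed size:
    returns (bytes written, number of files left behind), expected (nbytes, 0)."""
    with tempfile.TemporaryDirectory() as d:
        written = fill_free_space(d, nbytes)
        leftover = len(os.listdir(d))
    return written, leftover


if __name__ == "__main__":
    print("demo:", demo())
    # Real use on a mounted filesystem, e.g. wipe_free_space("/home"); nothing
    # here touches unencrypted sensitive data, it only overwrites unused blocks.
```

Two caveats the post already hints at apply to the real run: the filler only reaches blocks the filesystem considers free, so over-provisioned or remapped flash blocks remain out of reach (which is why the post conditions the whole idea on the data never having been stored unencrypted), and the temp-file leakage mentioned above means the office suite's working copies should live inside the encrypted area in the first place.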