shred (Unix)
shred is a Unix command that can be used to securely delete files and devices so that it is extremely difficult to recover them, even with specialized hardware and technology; assuming it's even possible to recover the file at all.1 It is a part of GNU Core Utilities.
Background
For efficiency, the process of erasing a file from storage using the rm command usually only erases the file's file-system entry while keeping the content of the file intact. This frequently allows commonly available software to recover the "erased" file's data. If the file data is stored on magnetic media such as a HDD, even if the file is overwritten, residual magnetic fields may allow data recovery using specialist hardware equipment. To prevent this, shred overwrites the contents of a file multiple times, using patterns chosen to maximize destruction of the residual data.
Features
shred can be invoked either on ordinary files or on devices (such as hard disk partitions), which are represented as files in Unix. By default, the command overwrites the file three times with multiple patterns, but the number is user configurable. It has an option to do an additional final overwrite with zeroes, which may help to hide the fact that it was used.
By default, shred also shreds file slack (unused space in file allocations). For example, a 5 KB file on a file system with 4 KB clusters actually requires 8 KB of storage. Shred has an option to overwrite only the file itself, as well as an option to delete the file after it has completed operation.
Limitations
A limitation of shred when invoked on ordinary files is that it only overwrites the data in place without overwriting other copies of the file. Copies can manifest themselves in a variety of ways, such as through manual and automatic backups, file system snapshots, copy-on-write filesystems, wear leveling on flash drives, caching such as NFS caching, and journaling. All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks.
Alternatives
The Scrub command overwrite sequence of data being compliant with a Dec. 2005 draft of National Nuclear Security Administration Policy Letter NAP-14.x.[1]
References
- shred invocation, GNU Coreutils. Accessed February 3, 2009.
- Shred and secure-delete, Free Software Magazine. November 29, 2008. Accessed February 3, 2009.
- Secure Erase Definition, About.com. Accessed April 17, 2012.
- How To Completely Erase a Hard Drive, About.com. Accessed April 17, 2012.
Notes
- 1.^ The data remanence article provides citations to publications that investigate the security of shredding.