Secure deletion made easy
Published by packi on

Last night I was tinkering with the source-code of kdelibs to make the thumbnail generation optional/configurable. No point in having truecrypt if your documents get thumbnailed and stored directly in your home. It ruins your deniable encryption[1] if your desktop tracks every move you make. Except if your desktop cleans up after it has run.
But then you’ve got the problem of files still lying around in unallocated inodes on your hard-drive.

One solution to this problem is to create a file containing all zeroes or just random data, fill your partition to the brim and delete the file. This will overwrite everything you wanted to hide from the eyes of your room-mates, your geek-girlfriend or your oppressive government. And as recent studies have shown[2] [3], it’s perfectly secure to overwrite the data just once.
The problem is, it takes forever to write gigabytes of zeroes to our hard drives.

This morning I’ve had this idea:

  • All inodes that get deallocated have to be stored in the free inodes table to be reused (nothing new here).
  • If an inode gets deleted, put it in the table but flag it as “dirty” (as in still containing data).
  • If your filesystem needs to allocate an inode, it should prefer the dirty ones.
  • On shutdown (or periodically) go through your “dirty” inodes and fill them with zeroes.
  • Live life in happiness and peace.

The performance impact should be minimal as you don’t need to zero out the inodes that you’re reusing[4].
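
A minimal user-space model of the scheme in the list above, added here as an illustration and not the author's code or any real filesystem's: the post's “inodes” are modelled as fixed-size units in an array, and the names `unit_alloc`, `unit_free`, `scrub` and `stale_bytes` are hypothetical. It also zeroes the unused tail of a reused unit, which is the case footnote [4] raises.

```c
#include <stdio.h>
#include <string.h>
#define NUNITS 8        /* constructed toy sizes, not real filesystem values */
#define UNIT_SIZE 16
enum state { FREE_CLEAN, FREE_DIRTY, IN_USE };
static unsigned char disk[NUNITS][UNIT_SIZE];   /* zero-filled at start */
static enum state table[NUNITS];                /* all FREE_CLEAN at start */
/* Allocate one unit, preferring dirty ones: the new write overwrites old data. */
int unit_alloc(const void *data, size_t len) {
    int pick = -1;
    if (len > UNIT_SIZE) return -1;
    for (int i = 0; i < NUNITS; i++) {
        if (table[i] == FREE_DIRTY) { pick = i; break; }
        if (table[i] == FREE_CLEAN && pick < 0) pick = i;
    }
    if (pick < 0) return -1;                        /* no free unit left */
    memcpy(disk[pick], data, len);
    memset(disk[pick] + len, 0, UNIT_SIZE - len);   /* footnote [4]: clear the tail */
    table[pick] = IN_USE;
    return pick;
}
/* Deletion only flags the unit; its data stays until reuse or scrub. */
void unit_free(int i) {
    if (i >= 0 && i < NUNITS && table[i] == IN_USE) table[i] = FREE_DIRTY;
}
/* Shutdown/periodic pass: zero every dirty free unit, return how many. */
int scrub(void) {
    int n = 0;
    for (int i = 0; i < NUNITS; i++)
        if (table[i] == FREE_DIRTY) {
            memset(disk[i], 0, UNIT_SIZE);
            table[i] = FREE_CLEAN;
            n++;
        }
    return n;
}
/* Non-zero bytes left in free units, i.e. what a raw read of free space finds. */
int stale_bytes(void) {
    int n = 0;
    for (int i = 0; i < NUNITS; i++)
        for (int j = 0; table[i] != IN_USE && j < UNIT_SIZE; j++)
            n += disk[i][j] != 0;
    return n;
}
int main(void) {   /* constructed demo input */
    unit_free(unit_alloc("secret-document", 15));
    printf("stale bytes after delete: %d\n", stale_bytes());
    printf("units scrubbed: %d\n", scrub());
}
```

Between `unit_free` and the next reuse or `scrub`, the old contents are still readable, so the exposure window depends on how often the scrub pass runs.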


[4] Well, that’s not entirely true: an inode that’s not used up fully may still contain compromising data. But this might be fixed by zeroing the last block of a continuous inode-allocation (e.g. if the request is for 10 inodes, just zero out the last one).