Shred (Unix)

shred
Developer(s)	Colin Plumb
Repository	git.savannah.gnu.org/cgit/coreutils.git/tree/src/shred.c ;
Operating system	Unix-like
Platform	Cross-platform
Type	Command
License	coreutils: GPLv3+ ; Toybox: 0BSD ;

Last updated June 08, 2023

shred is a command on Unix-like operating systems that can be used to securely delete files and devices so that it is extremely difficult to recover them, even with specialized hardware and technology; assuming it's even possible to recover the file at all. It is a part of GNU Core Utilities.^[1] Being based on the Gutmann method paper,^[1] it suffers from the same criticisms and possible shortcomings.

Background

For efficiency, the process of erasing a file from storage using the rm command usually only erases the file's file-system entry while keeping the content of the file intact. This frequently allows commonly available software to recover the "erased" file's data. If the file data is stored on magnetic media such as a HDD, even if the file is overwritten, residual magnetic fields may allow data recovery using specialist hardware equipment (this claim is disputed; see Gutmann method § Criticism). To prevent this, shred overwrites the contents of a file multiple times, using patterns chosen to maximize destruction of the residual data.

Features

shred can be invoked either on ordinary files or on devices (such as hard disk partitions), which are represented as files in Unix. By default, the command overwrites the file three times with multiple patterns, but the number is user configurable. It has an option to do an additional final overwrite with zeroes, which may help to hide the fact that it was used.

By default, shred also shreds file slack (unused space in file allocations). For example, a 5 KB file on a file system with 4 KB clusters actually requires 8 KB of storage. Shred has an option to overwrite only the file itself, as well as an option to delete the file after it has completed operation.

Limitations

A limitation of shred when invoked on ordinary files is that it only overwrites the data in place without overwriting other copies of the file. Copies can manifest themselves in a variety of ways, such as through manual and automatic backups, file system snapshots, copy-on-write filesystems, wear leveling on flash drives, caching such as NFS caching, and journaling.^[1] All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks.

Gutmann method, which shred is based on, is known to fail on USB sticks.^[2]

Alternatives

The scrub command overwrite sequence of data being compliant with a Dec. 2005 draft of National Nuclear Security Administration Policy Letter NAP-14.x. Written by Jim Garlick of LLNL, it offers a selection of overwrite sequences, though all ultimately suffer from the same limitations outlined above.^[3]

Related Research Articles

In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.

The ln command is a standard Unix command utility used to create a hard link or a symbolic link (symlink) to an existing file or directory. The use of a hard link allows multiple filenames to be associated with the same file since a hard link points to the inode of a given file, the data of which is stored on disk. On the other hand, symbolic links are special files that refer to other files by name.

Disk formatting is the process of preparing a data storage device such as a hard disk drive, solid-state drive, floppy disk, memory card or USB flash drive for initial use. In some cases, the formatting operation may also create one or more new file systems. The first part of the formatting process that performs basic medium preparation is often referred to as "low-level formatting". Partitioning is the common term for the second part of the process, dividing the device into several sub-devices and, in some cases, writing information to the device allowing an operating system to be booted from it. The third part of the process, usually termed "high-level formatting" most often refers to the process of generating a new file system. In some operating systems all or parts of these three processes can be combined or repeated at different levels and the term "format" is understood to mean an operation in which a new disk medium is fully prepared to store files. Some formatting utilities allow distinguishing between a quick format, which does not erase all existing data and a long option that does erase all existing data.

dd is a command-line utility for Unix, Plan 9, Inferno, and Unix-like operating systems and beyond, the primary purpose of which is to convert and copy files. On Unix, device drivers for hardware and special device files appear in the file system just like normal files; dd can also read and/or write from/to these files, provided that function is implemented in their respective driver. As a result, dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining a fixed amount of random data. The dd program can also perform conversions on the data as it is copied, including byte order swapping and conversion to and from the ASCII and EBCDIC text encodings.

In computing, cp is a command in various Unix and Unix-like operating systems for copying files and directories. The command has three principal modes of operation, expressed by the types of arguments presented to the program for copying a file to another file, one or more files to a directory, or for copying entire directories to another directory.

df is a standard Unix command used to display the amount of available disk space for file systems on which the invoking user has appropriate read access. df is typically implemented using the statfs or statvfs system calls.

The standard Unix command who displays a list of users who are currently logged into the computer.

mv is a Unix command that moves one or more files or directories from one place to another. If both filenames are on the same filesystem, this results in a simple file rename; otherwise the file content is copied to the new location and the old file is removed. Using mv requires the user to have write permission for the directories the file will move between. This is because mv changes the content of both directories involved in the move. When using the mv command on files located on the same filesystem, the file's timestamp is not updated.

Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written to the media, or through physical properties of the storage media that allow previously written data to be recovered. Data remanence may make inadvertent disclosure of sensitive information possible should the storage media be released into an uncontrolled environment.

File deletion is the removal of a file from a computer's file system.

rm is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.

The Gutmann method is an algorithm for securely erasing the contents of computer hard disk drives, such as files. Devised by Peter Gutmann and Colin Plumb and presented in the paper Secure Deletion of Data from Magnetic and Solid-State Memory in July 1996, it involved writing a series of 35 patterns over the region to be erased.

In computing, data recovery is a process of retrieving deleted, inaccessible, lost, corrupted, damaged, or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a usual way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

In computing, tee is a command in command-line interpreters (shells) using standard streams which reads standard input and writes it to both standard output and one or more files, effectively duplicating its input. It is primarily used in conjunction with pipes and filters. The command is named after the T-splitter used in plumbing.

srm is a command line utility for Unix-like computer systems for secure file deletion. srm removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line.

In Unix-like operating systems, unlink is a system call and a command line utility to delete files. The program directly interfaces the system call, which removes the file name and directories like rm and rmdir. If the file name was the last hard link to the file, the file itself is deleted as soon as no program has it open.

Data erasure is a software-based method of data sanitization that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by overwriting data onto all sectors of the device in an irreversible process. By overwriting the data on the storage device, the data is rendered irrecoverable.

A trim command allows an operating system to inform a solid-state drive (SSD) which blocks of data are no longer considered to be 'in use' and therefore can be erased internally.

cat is a standard Unix utility that reads files sequentially, writing them to standard output. The name is derived from its function to (con)catenate files. It has been ported to a number of operating systems.

Eraser is an open-source secure file erasure tool available for the Windows operating system. It supports both file and volume wiping.

References

1 2 3 "shred invocation (GNU Coreutils 9.3)". www.gnu.org.
↑ Michael Wei; Laura M. Grupp; Frederick E. Spada; Steven Swanson (2011). "Reliably Erasing Data From Flash-Based Solid State Drives" (PDF). FAST'11: Proceedings of the 9th USENIX conference on File and storage technologies. Wikidata Q115346857 . Retrieved 2018-01-08.
↑ scrub(1) – FreeBSD General Commands Manual

shred invocation, GNU Coreutils. Accessed February 3, 2009.
Shred and secure-delete, Free Software Magazine. November 29, 2008. Accessed February 3, 2009.
Secure Erase Definition Archived 2012-11-18 at the Wayback Machine , About.com. Accessed April 17, 2012.
How To Completely Erase a Hard Drive Archived 2012-11-18 at the Wayback Machine , About.com. Accessed April 17, 2012.

External links

shred(1) – Linux User Commands Manual

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[infopage-1] 1 2 3 "shred invocation (GNU Coreutils 9.3)". www.gnu.org.

[Wei2011-2] Michael Wei; Laura M. Grupp; Frederick E. Spada; Steven Swanson (2011). "Reliably Erasing Data From Flash-Based Solid State Drives" (PDF). FAST'11: Proceedings of the 9th USENIX conference on File and storage technologies. Wikidata Q115346857 . Retrieved 2018-01-08.

[3] scrub(1) – FreeBSD General Commands Manual

[1]

[2]

[3]

v t e GNU Core Utilities command-line interface programs
File system	chcon chmod chown chgrp cksum cp dd df dir dircolors install ln ls mkdir mkfifo mknod mktemp mv realpath rm rmdir shred sync touch truncate vdir
Text utilities	b2sum base32 base64 cat cksum comm csplit cut expand fmt fold head join md5sum nl numfmt od paste ptx pr sha1sum shuf sort split sum tac tail tr tsort unexpand uniq wc
Shell utilities	arch basename chroot date dirname du echo env expr factor false groups hostid id link logname nice nohup nproc pathchk pinky printenv printf pwd readlink runcon seq sleep stat stdbuf stty tee test timeout true tty uname unlink uptime users who whoami yes