GNOME Bugzilla – Bug 619348
GParted should have option to shred (secure partition deletion)
Last modified: 2020-11-17 14:45:12 UTC
IMHO it would be a great idea to have an option in GParted to wipe a disk or a partition using shred. It could be down as "Securely erase disk" in the device menu for shredding entire disks and in the right click menu for shredding partitions. Or you could even just have an icon on the bar at the top. When you select it, there could be a dialogue box saying something like "By using this tool, you will make it more difficult for your personal details to be recovered. This process will take several hours to several days depending on the size of your disk and the options chosen, however it is safe to abort the process at any time." Then there could be a text entry box to type in the -n option, and a checkbox saying something like "Blank disk with zero data afterwards to hide evidence of secure erase" to toggle the -z option.
Thank you Alec for your interest in GParted and proposing this enhancement. If you wish to securely erase an entire disk device, you might want to take a look at DBAN: http://www.dban.org/
*** Bug 656200 has been marked as a duplicate of this bug. ***
See https://bugzilla.gnome.org/show_bug.cgi?id=656200 for details on possible implementation. Please, provide shredding time measurements to http://www.duncanelliot.com/blog/?p=7 to be able to build a estimation model on shredding times.
*** Bug 692658 has been marked as a duplicate of this bug. ***
(In reply to comment #1) > If you wish to securely erase an entire disk device, you might want to take a > look at DBAN: > http://www.dban.org/ > It's not the first time that I'm considering 'dban' for this work, but unfortunately I haven't changed my opinion on it this time, either: It's a scary thingy. Not only it comes with sparse documentation, but it also warns that "DBAN will automatically and completely delete the contents of any hard disk that it can detect". As such I really don't want its binaries to come anywhere near my OS hard drive. I simply want to securely erase _one partition_ or an external USB device. As mentioned in the dupliate report, a "fast" secure deletion method that overwrites data on a partition as suggested in [2] would be easy to implement: dd if=/dev/zero of=/dev/sdx bs=1M or dd if=/dev/urandom of=/dev/sdx bs=1M would be easy to implement. It could be activated via a menu item 'Partition > Wipe Data...' or similar. Are there reasons for not implementing such a feature? [2] http://en.gentoo-wiki.com/wiki/Secure_deletion#The_fastest_way
(In reply to comment #5) > Are there reasons for not implementing such a feature? I think that this could be a good feature. We are working on several other bug reports so it is mostly a matter of time. Patches are welcome.
Just in case someone wants to only nuke a filesystem's unused part the next day, there are wipefreespace and zerofree tools (the former a security tool and the latter an economy one to help thin-provided storage). I'd argue that zeroing things out once is more than adequate for a GUI tool since doing anything more fancy will require both more knobs and more understanding of their meaning.
*** Bug 699655 has been marked as a duplicate of this bug. ***
> dd if=/dev/zero of=/dev/sdx bs=1M Internal erase command is faster than this.
Has there been any progress on this? This seems like an easy feature to implement. I've noticed that recent versions of GParted come with a "cleared" FS, and as per docs "cleared can be used to clear any existing file system signatures and ensure that the partition is recognised as empty." While I found it confusing at first, I suspect this option doesn't do any kind of 'overwrite with zeros'. One way to implement this feature request would be to add a "cleared (slow)" or "cleared (wipe/shred)" or "cleared (zeros)", as suitable, that would format to "cleared" *after* having overwritten the entire partition with zeros. It seems to me that this would be a solution that would work reasonably well for a majority of users. Those more paranoid or with more specific could always turn to the CLI for this. Alternatively, for a more generic solution, you could add a confirmation dialogue when selecting to format to "cleared" that would provide a checkbox for "secure deletion" and even allow you to select between number and type of passes: say, one or more passes, with zeros or random patterns. Personally I want this feature to clean up my USB drives before giving them away...
Bug 743805 is effectively a duplicate of this report.
> Has there been any progress on this? None that I am aware of. Your idea of a "Format -> Zeroed" would be one way to implement such a feature. Ideally the feature would include a progress indicator such as with the following command [1]: sudo dd if=/dev/zero of=/path-to-device-or-partition status=progress [1] https://askubuntu.com/questions/215505/how-do-you-monitor-the-progress-of-dd Patches are welcome.
More secure is "Format -> Random". Just make sure that the options present inform the (unexperienced) user that is going to happen and how robust the formattting/erasing is.
@Pander. Is there a reason formatting to random is more secure than formatting to zeroes? If so, can you provide proof?
I have heard people mention it many times. A source for it can be https://en.wikipedia.org/wiki/Data_remanence#Overwriting
@Pander My understanding is that this resides largely on unsubstantiated claims. This isn't much of a reference, but the best I have at hand: http://gentoo-en.vfose.ru/wiki/Secure_deletion#Paranoia For truly paranoid users or in specific instances using pseudo-random patterns would work best. For simpler cases zeros should work plenty well. The way I usually test if overwriting has done any good to removing the data physically is to run a 'photorec' pass at it to see what files it recovers from the empty space. In my experience after overwriting nothing (or very little, depending on idiosyncrasies of the hardware like block sizes, etc.) gets recovered. It's not in any way exhaustive or SOTA, but it's a check.
Thank you Pander and Liv for the links. It appears that anything short of physically destroying the disk device beyond the ability to reconstruct it leaves open a tiny possibility that the data might be recovered using exhaustive efforts and laboratory techniques. I think overwriting with zeros would be considered sufficient for normal disk re-use. It has the advantage that it would free up space internally on Solid State Drives too, as opposed to storing random values. If it is absolutely critical that data not be recoverable, then destruction of the disk drive appears to be the only option. Patches are welcome.
You should use discard sector command on SSDs(hdparm --trim-sector-ranges if detected ATA), overwriting with zeros regularly will consume two write cycles on some SSDs.
*** Bug 743805 has been marked as a duplicate of this bug. ***
bugzilla.gnome.org is being replaced by gitlab.gnome.org. We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time. If you still use gparted and if you still see this bug / want this feature in a recent and currently supported version, then please feel free to report it at https://gitlab.gnome.org/GNOME/gparted/-/issues/ by following the guidelines at https://wiki.gnome.org/Community/GettingInTouch/BugReportingGuidelines Thank you for creating this report and we are sorry it could not be implemented so far (volunteer workforce and time is limited).
Reported as https://gitlab.gnome.org/GNOME/gparted/-/issues/123