

Secure delete with rm on OS X - mustpax
http://paksoy.net/post/1385176457/easy-secure-delete-with-rm-on-os-x

======
Maskawanian
There is no guarantee this goes on the same sectors on the disk. I think that
would only be guaranteed by a "secure delete call" to the drive's firmware.

The only way I know to securely erase the empty space on the drive is a call
like "cat /dev/urandom > file; rm file". This will error once the drive is
full, then be deleted.

~~~
mustpax
Interesting. But that would only be true for journaling file systems, right? Or
are there consumer hard disk drives that transparently journal writes _a la_
SSDs?

~~~
pmorici
Newer generations of SSDs have a command called "TRIM". It is meant as a way
to speed up SSD drives by alerting the drive to blocks that are no longer in
use by the file system and can be pre-erased, so to speak, which makes future
writes to that location faster. Windows 7 and newer versions of the Linux
kernel support it.

~~~
chrisbolt
That doesn't necessarily mean it will be erased, it just gets put back in the
list of unallocated blocks.

~~~
Someone
No. Flash memory is sort-of write-once in the sense that a page starts with
all bits in one state. From there, you can flip individual bits to the other
state, but to flip them back, you have to flip back all of them. So, to update
a single bit, you may have to read a block, erase it, update the in-memory
block, then write the in-memory block.

The trim command will do the 'erase block' part of this procedure before the
block is actually needed for data. That speeds up a future write to that
block.
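
The flash behaviour described in the comment above, as a toy model (an added example, not part of the thread; the `Block` class, its 8-byte size and the helper names are assumptions made for illustration):

```python
# Toy model of one flash erase block, following the comment's description.
# Constructed for illustration; it does not model any real drive or controller.
ERASED = 0xFF  # erased state: every bit is 1


class Block:
    def __init__(self, size=8):
        self.cells = bytearray([ERASED] * size)
        self.erase_count = 0

    def erase(self):
        """Reset the whole block; the only way to turn a 0 bit back into a 1."""
        self.cells = bytearray([ERASED] * len(self.cells))
        self.erase_count += 1

    def program(self, offset, data):
        """Write bytes in place; may only flip bits from 1 to 0."""
        current = self.cells[offset:offset + len(data)]
        if any(new & ~old & 0xFF for old, new in zip(current, data)):
            raise ValueError("write needs a 0->1 flip; erase the block first")
        for i, new in enumerate(data):
            self.cells[offset + i] &= new

    def is_erased(self):
        return all(c == ERASED for c in self.cells)


def update(block, offset, data):
    """Write data, falling back to read / erase / modify / write.
    Returns how many erases the write itself had to perform."""
    before = block.erase_count
    try:
        block.program(offset, data)
    except ValueError:
        image = bytearray(block.cells)             # read block into memory
        image[offset:offset + len(data)] = data    # update the in-memory copy
        block.erase()                              # erase the whole block
        block.program(0, image)                    # write the copy back
    return block.erase_count - before


def trim(block):
    """Pre-erase, as the comment describes TRIM: pay the erase cost now."""
    if not block.is_erased():
        block.erase()
```
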

------
Groxx
Know what's easier?

Right click the trash bin, and hold Command. You'll see "Secure Empty Trash".
You can also do the rm -P _from_ the trash bin, which I wish they allowed you
to do under normal circumstances. (dterm makes this easy.)

~~~
MikeCapone
Thanks. I knew you could hold "alt" when left-clicking on the volume control
to select inputs, but I didn't know about that one. Very useful, much better
than going in the Finder's preferences...

~~~
thought_alarm
For what it's worth, holding down Option/Alt will empty the Trash without
confirmation.

Also, from the menu you can select:

    Finder > Secure Empty Trash

You can even give it a keyboard shortcut, if you like. Or, as you mentioned,
there's an option to always securely empty the Trash in the Finder
Preferences.

------
Niten
This isn't an OS X specific feature, it's a feature from the FreeBSD userland
that Apple borrowed into OS X.

------
jrockway
Secure delete is not reliable with modern filesystems. Just use full-disk
encryption -- it's free.

~~~
sp4rki
I've generally seen full disk encryption on an OS volume as a moot point. Why
is there a need to have full disk encryption on a bootable volume, when the
only thing you should be protecting from prying eyes is your content? Full
disk encryption makes sense in a data volume, not in a bootable volume where
just having a ~ directory and its children encrypted covers mostly everyone's
need for security.

~~~
jrockway
So you know for a fact that every application you ever use doesn't write data
outside of ~?

You may feel comfortable about that, but I don't. /tmp, for example, can
contain plenty of sensitive data.

~~~
sp4rki
It doesn't if I don't give it permission to, but if you're concerned about it,
encrypt /tmp also or symlink it to ~/tmp (provided you're the only user).

Nevertheless, I do understand that you have different requirements, but in the
case someone really values the option of having his entire boot volume
encrypted, the one time only price tag of PGP is a moot point and shouldn't be
a deterrent. In fact, I'm now tempted to buy PGP's whole disk encryption, thank
you very much. In any case, I think it's generally overkill, but if you really
need it, who am I to stand in your way! :)

<http://www.pgp.com/products/wholediskencryption/index.html>

~~~
jrockway
I use Linux, so full-disk encryption was just a checkbox (erm, line that you
select?) in the installer.

Like I said, it's free, so why not?

~~~
sp4rki
Oh silly me, I kind of assumed you were using OSX because someone made the
comment that there's no option for full disk encryption. My bad. If I had an
option to encrypt my whole disk that easily in OSX I'd take it in a heartbeat,
not necessarily because I think it's better but because it's a solution and
it's simple... because I can, so to speak.

------
santry
Or use srm.

