Re: Wipe2fs - utility to wipe unused space in ext2/3

From: Chuan-kai Lin (b86506063_at_ntu.edu.tw)
Date: 08/20/03


Date: 20 Aug 2003 01:59:40 GMT

Konrad Miller <killordie@gmx.net> wrote:
> dd if=/dev/urandom of=/tmp/bla.somefilename bs=512
> and when the drive is full:
> rm /tmp/bla.somefilename

Yes, that would more or less perform the same task if done correctly
(i.e. you may need to do this with root or whatever designated user to
reach the 5% reserved space usually present on ext2/3 filesystems).
It can be a useful measure against filesystem-based recoveries.

There are, however, some differences. Whether the differences are
important or not is highly subjective:

 1. Wipe2fs requires the filesystem not be mounted, while the script
    clearly needs a mounted filesystem to function.
 2. Wipe2fs does not require kernel filesystem support.
 3. Wipe2fs can only operate on ext2/3 filesystems. DD works
    everywhere as long as there is kernel support.
 4. Wipe2fs reaches the slack space at the end of files. More on this
    in a subsequent message in the thread.
 5. There does not appear to be any evidence that the dd thing will
    work 100% in a data-journaled filesystem. (Or is there?)

In summary, wipe2fs is not currently much better than the dd command,
because both are only useful against filesystem-based recoveries. But
once the infrastructure is in place, wipe2fs will eventually grow to
be a tool that can reasonably defend you against physical media analysis
recoveries, and I think that is what really matters.

-- 
Chuan-kai Lin
http://www.csie.ntu.edu.tw/~b6506063/
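
Added example, not part of the original post and not wipe2fs code: a Python sketch that reads the ext2/3 superblock from an unmounted image to show how much free space a non-root dd fill leaves unwritten (the reserved blocks) and how much slack remains at the end of a file. The function names and the sample superblock are constructed for illustration; the field offsets follow the standard ext2 on-disk superblock layout.

```python
import struct

EXT2_MAGIC = 0xEF53
SB_OFFSET = 1024  # the primary superblock starts 1024 bytes into the device


def parse_superblock(image: bytes) -> dict:
    """Read the ext2/3 superblock fields that matter for free-space wiping."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 58:
        raise ValueError("image too short to hold a superblock")
    # s_inodes_count, s_blocks_count, s_r_blocks_count, s_free_blocks_count,
    # s_free_inodes_count, s_first_data_block, s_log_block_size (little-endian)
    _, blocks, r_blocks, free_blocks, _, _, log_bs = struct.unpack_from("<7I", sb, 0)
    (magic,) = struct.unpack_from("<H", sb, 56)  # s_magic
    if magic != EXT2_MAGIC:
        raise ValueError("not an ext2/3 filesystem (bad magic)")
    return {"blocks": blocks, "reserved": r_blocks,
            "free": free_blocks, "block_size": 1024 << log_bs}


def unreachable_by_unprivileged_fill(sb: dict) -> int:
    """Bytes of free space that a fill run as an ordinary user cannot allocate.

    The free count includes the reserved blocks, so an unprivileged writer
    hits ENOSPC while up to `reserved` blocks are still free and unwritten.
    """
    return min(sb["reserved"], sb["free"]) * sb["block_size"]


def slack_bytes(file_size: int, block_size: int) -> int:
    """Bytes between end-of-file and the end of the file's last block."""
    return (-file_size) % block_size


def make_sample_image() -> bytes:
    """Constructed sample: 1 GiB filesystem, 4 KiB blocks, 5% reserved."""
    img = bytearray(2048)
    struct.pack_into("<7I", img, SB_OFFSET, 65536, 262144, 13107, 200000, 60000, 0, 2)
    struct.pack_into("<H", img, SB_OFFSET + 56, EXT2_MAGIC)
    return bytes(img)


if __name__ == "__main__":
    sb = parse_superblock(make_sample_image())
    print("left unwritten by a non-root fill:", unreachable_by_unprivileged_fill(sb), "bytes")
    print("slack after a 5000-byte file:", slack_bytes(5000, sb["block_size"]), "bytes")
```

On a real system the same check would read the first 2048 bytes of the unmounted block device instead of the constructed image.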