A small tool-wipe

Wipe is a secure file wiping utility. there are some low level issues that must be taken into consideration. one of these is that there must be some sort of write barrier between passes. wipe uses fdatasync (2) (or fsync (2) as a write barrier, or if fsync (2) isn't available, the file is opened with the o_dsync or o_sync flag. for wipe to be valid tive, each pass must be completely written. to ensure this, the drive must support some form of a write barrier, write cache flush, or write cache disabling. SCSI supports ordered command tags, has a force Media Access bit for commands, and write cache can be disable on mode page 8. IDE/ATA drives support write Cache Flushes and write cache disabling. unfortunetly, not all drives actually disable write cache when asked. those drives are broken. write caching shoshould always be disabled, unless your system is battery backed and always powers down cleanly. see this thread from the Linux kernel list:

Http://www.uwsg.iu.edu/hypermail/linux/kernel/0103.0/0331.html

Under Linux, the mount option "mand" must be used (see Linux/documentation/mandatory.txt) for mandatory File locks to be enabled. wipe shoshould make it extremely difficult for all but the most determined person (s) to recover the original plaintext data. utilities such as PGP and the GNU Privacy Guard provide strong encryption, but encryption is useless if the original plaintext can be recovered. when using PGP and GPG, temporary files that are disk-backed shoshould be stored on an encrypted file system. that way, the plaintext never hits the platters. wipe is designed for situations where an encrypted file system isn' t practical.

Making the following assumptions:

1. At least one of Peter Gutmann's patterns is correct
The device you're wiping

2. The patterns are actually being written to the media

3. The correct sectors are being written

It's likely that wipe will make it more difficult to recover the original data.

Those assumptions are respectively incorrect if:

1. Writing to a drive that uses a newer encoding scheme

2. The passes are being buffered and merged by the drive
Electronics, controller or the OS

3. You're wiping a file in a log structured file system or
Any FS that doesn't overwrite the file's previusly allocated
Sectors or the drive has reassigned one or more sectors due to errors

If you're using LFS or something like it, the only way to wipe the file's previous contents (from userspace) is to wipe the whole partition.

Some programs are vulnerable to symlink races. To avoid this problem with wipe, only wipe files in directories that are not writable by untrusted users.

Wipe uses/dev/urandom, or if unavailable,/dev/random, as a source for entropy. The Mersenne Twister PRNG is used for speed. The MT site is:

Http://www.math.keio.ac.jp /~ Matumoto/emt.html

For more information on the secure deletion of magnetic media and solid state storage devices (such as Dram) See the usenix article by Peter Gutmann:

Local copy
Http://www.cs.auckland.ac.nz /~ Pgut001/secure_del.html

 

Development Status

January 1st, 2004 
Released 2.2.0. This shocould fix all the problems with Solaris. The only new feature is wiping to stdout.

September 1st, 2003 
Posted WIP snapshot.Please test!This is a release candidate.

March 30th, 2003 
Posted work-in-progress snapshot.

January 12th, 2003 
Working on 2.2.0; plan to release soon. Posted work-in-progress snapshot.

August 14th, 2002 
Wipe2.1.0Release. Minor bug fixes.

February 13th, 2002 
Wipe2.0.1Release. Minor bug fix.

May 9th, 2001 
Wipe2.0Release. Major rewrite with lots of new features. See wipe-H and readme. Reset command line options have changed.

Febuary 28,200 0 
Wipe1.2.2Release. fixed up block device code, and some other minor fixes. I 've tested blockdev wiping under Linux and it seems to work pretty well. let me know if it's broken on BSD or Solaris, Irix, etc.

Febuary 12,200 0 
Wipe1.2.1Release. Fixes a typo that prevented IOCTL () from being used.

January 5, 2000. 
Wipe1.2.0Is out! This version shoshould be much more stable (see changelog). Older versions have buggy hash Io code. Here's the fix.

This is the new site. As you can tell, Not quite everything is setup yet.