2

I got to know about shred yesterday.

I want to know the proper way of removing files with it.


Should I first shred the file and then use rm to remove it?

    $ shred <file>
    $ rm <file>

Or should I just use the shred command with the -u option?

    $ shred -u <file>


Which of these is better? :)

Wade Wayne
  • 1
    You might want to read the full man page. (a) --remove=wipesync also shreds the directory entry (just the filename might be a give-away). (b) Read the 25 lines starting CAUTION: many file systems defeat `shred`, including SSDs (which tend to spread the damage by "updating" blocks in alternative physical locations). – Paul_Pedant Jun 28 '21 at 13:17
  • The man page is not nearly as complete as the info page with regard to warnings. See https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html. Kelley's answer is sufficient if you are not using an SSD; if you are using one, use it anyways, TRIM, then sit fingers crossed. – Mingye Wang May 25 '23 at 08:54

1 Answer

2

Just use it like this:

    shred -v -n 1 -z -u /path/to/your/file

This will shred the provided file by overwriting it with random data first, then with 0x00 (zeroes), and lastly by deleting it.

Daniel Kelley
  • Is -n 10 better than -n 1? – Wade Wayne Jun 28 '21 at 13:22
  • 1
    @WadeWayne If you're attempting to securely delete a file, the chances are that you're just not going to do it properly because too many factors come into play, including the environment (not just the filesystem) that the file exists on. Shred basically relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption 1/2. – Daniel Kelley Jun 28 '21 at 13:37
  • @WadeWayne To answer your question, -n is used here to control the number of iterations for overwriting with random data. Increasing this number will result in more iterations, so technically yes, 10 is better than 1. My advice to you is to use full-disk encryption (FDE), instead of trying to securely delete files 2/2. – Daniel Kelley Jun 28 '21 at 13:37
  • Daniel Kelley, thanks so much for sharing your knowledge with me!!! :) – Wade Wayne Jun 28 '21 at 13:46
  • @DanielKelley it was traditional **20 years ago**. – RonJohn Jul 13 '23 at 03:37
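
A pre-flight check for the overwrite-in-place assumption raised in the answer and its comments, as an added example that is not part of the original thread. The function names, the filesystem allowlist and the `SHRED_ANYWAY` override are assumptions of this sketch; it relies on `findmnt` and `lsblk` from util-linux and ends with the `shred` command from the answer.

```shell
#!/bin/sh
# Added example, not from the thread. Allowlist and SHRED_ANYWAY are assumptions.

# Succeed if this filesystem type normally rewrites a file's blocks in place.
fs_overwrites_in_place() {
    case "$1" in
        ext2|ext3|ext4|xfs|vfat) return 0 ;;
        *) return 1 ;;  # btrfs/zfs (copy-on-write), f2fs, overlay, tmpfs, nfs, unknown
    esac
}

# Print "ok" or a reason, given fstype, mount options and lsblk's ROTA flag.
shred_verdict() {
    if ! fs_overwrites_in_place "$1"; then
        echo "unreliable: $1 is not known to overwrite in place"
        return
    fi
    case ",$2," in
        *,data=journal,*)
            echo "unreliable: data=journal also writes file data to the journal"
            return ;;
    esac
    case "$3" in
        1) echo "ok" ;;
        *) echo "unreliable: device is not reported as rotational (SSD/flash remaps writes)" ;;
    esac
}

# Look up the mount backing FILE and shred it only when the verdict is "ok".
checked_shred() {
    file=$1
    mnt=$(findmnt -no SOURCE,FSTYPE,OPTIONS -T "$file") || return 2
    read -r src fstype opts <<EOF
$mnt
EOF
    src=${src%%\[*}   # drop a "[/subvol]" suffix shown for bind mounts
    rota=$(lsblk -ndo ROTA "$src" 2>/dev/null | tr -d ' ')
    verdict=$(shred_verdict "$fstype" "$opts" "$rota")
    if [ "$verdict" != ok ] && [ -z "${SHRED_ANYWAY:-}" ]; then
        echo "not shredding $file: $verdict" >&2
        return 1
    fi
    shred -v -n 1 -z -u -- "$file"
}
```

Source the file and call `checked_shred /path/to/your/file`. The rotational flag is a heuristic, since virtual disks often report themselves as rotational whatever the backing storage is.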