1

I was trying to find better ways of quickly deleting files in such a way that they cant be recovered at all.

Is encrypting drive with a completely pseudo random key using some block chain better than deleting files or overwriting it with random stuff?

Mk47
  • 111
  • 1

4 Answers4

1

What is it you want to protect against? First off you got the problem of not having direct access to the hardware of the storage device (unless you use specialized techniques / software), so there is in fact no way to know if your influencing the same piece of storage, or a new piece of storage.

Secondly depending on what your goal is there can be better solutions than encryption (which is by no means faster than deletion I might add).

  • if the goal is to prevent data theft / recovery, you are better off physically destroying the discs involved. A few good whacks with a sledgehammer should do the trick, than to be sure you can burn the leftovers. (IC's generally are poor at retaining data at temperatures in execs of 200 Deg Centigrade. and most ferro-magnetic substances also lose magnetic cohesion at those temperatures)
  • If the goal is to resell / give away / or otherwise re-purpose the device. A good format should suffice. if your unsure about the results do a low-level format. Slow but that does at least clear all data from the disk.
  • If your goal is to keep the data from a government agency, best to use an industrial degausser on a magnetic disc and a High Voltage on the Print for a Solid state disc. this should remove enough of the data to be completely useless to anyone, bear in mind to remove your tin-foil hat before attempting this and consult with a doctor before buying anything like this as there are risks involved.

I would suggest you first go back to the "why" question, as in "Why do you want to combine quick and secure, 2 mutually exclusive actions when regarding any form of storage. your either quick (as in fast), or secure( as in certain of a specific state / certain that no none but you can access the data).

LvB
  • 8,336
  • 1
  • 27
  • 43
1

It cannot be better IMHO because of two reasons:

  • it requires much more resources than erasing - same volume to write, but requires reading the initial value, and requires memory and computation time for encrypting
  • it cannot be more secure than rewriting to a known and fixed value, because that process gives same result whatever the input was.

The problem in securely erasing is the possibility at a physical level to find the previous value of a sector. Writing an encrypted version instead of a fixed sequence should not help a lot here. So the common usage is to rewrite multiple time with different patterns in order to lower the possibility of recovering the original data, or to physicaly destroy the support.


This was for full disk erasure. If you want to be able to delete individual files, it may depend on the file system, OS and physical media. On the simple case where you have a simple magnetic disk, a file can be rewritten in place before deletion. In that case, the previous data will not be recoverable because it has ben replaced on the disk.

But there are different corner cases:

  • Windows offers a functionality of automatic versioning of files. In that case, when you try to rewrite a file, you only write a new version of it, and the previous one subsist on disk.
  • other OS offer versioned file system that result in the same problem as above
  • some memory stick or SSD do not rewrite a file in place but always write on a new sector, in that case, you cannot erase a single file data.

That means that there is no secure and portable way to completely erase a single file. It works with simple file systems on magnetic disk (the most common use case), but can fail if the file system or media has special processing.

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
1

Questions asking about better require that we know what is important to you. Speed of operation, resistance to forensic analysis later, or some other metric?

Assuming you want to wipe the whole disk quickly and securely, you don't want to encrypt as part of the delete/overwrite action as OP originally phrased it in their question, but rather you want to have the whole disk already encrypted for normal use, and then your delete/wipe action is to just zero out the key.

If the key is, as you specified, random, and stored in the computer's TPM chip, zeroing it out, while leaving entire disk encrypted (again, assuming something like properly implemented AES) will be extremely fast regardless of disk size, and more secure than just overwriting all the files.

JesseM
  • 1,902
  • 10
  • 9
0

For deleting disks LvBs answers are OK, you asked about deleting files specifically, so I am guessing you just want one file gone and the rest of the disk unchanged (and not torn to shreds).

Either zeroing the bits, forgetting the location, or encrypting the file (your recommendation) requires some trust in your software. If you are worried someone on the computer after you will attempt get the file back they do have some options, you can look at how people successfully restore deleted files and make sure you do a better job.

Why encryption doesn't really help you for this one file only problem: if you encrypt the file are you making a copy and then deleting the original? Then you have not fixed your problem. Are you are encrypting the file with a key and then deleting the key? Well what magic method are you using to delete the key, why not just use that for the file.

daniel
  • 774
  • 3
  • 12
  • Properly implemented encryption software would only keep the decryption key in the RAM, so loss of power means the data will stay locked and inaccessible until an external person inputting the key again. This is usually impractical for the data, in which you usually don't want them to be permanently inaccessible if you lose power. – Lie Ryan Jun 15 '17 at 02:08
  • @LieRyan that reminds me of my question here: https://security.stackexchange.com/q/160696/8072 but for this question he'd be better with zeroing the bits instead of encrypting anyways, you can't find a key for a string of zeros. – daniel Jun 15 '17 at 14:39