[aescrypt] Wish-list item 6, securely erase old file

Paul E. Jones paulej at packetizer.com
Wed May 29 20:27:11 EDT 2013


This is a feature that is requested from time-to-time.  I've not tried to
tackle the problem for a few reasons:
1) I don't think the default behavior should be to erase the input file
  (as some users will definitely lose their data accidentally)
2) If it is not the default behavior, then we need a new command-line
   Switch on Linux and a new switch on the GUIs
3) If it is the default, we need a switch to prevent automatic erasure
4) Securely erasing files can be misleading since sometimes it cannot
   be done.  I've been told, for example, that some SSD controllers
   will not actually write over the same physical location when
   writing over a file, thus one just fills some space with
   zeros (or whatever) and the original file is still present, too.
5) There are existing tools on Linux that securely erase files, including
   shred, scrub, etc.

so, while not opposed to the idea, you can see why it's not yet moved to the
top of my priority list :-)

However, if you are interested to tackle the problem, you are welcome to do
so.  We can integrate the code changes.  I really would prefer that this not
be the default behavior, as I prefer to not change the default behavior from
one release to another without a really good reason.

Perhaps the Linux code might be best to start with.  Perhaps if the user
adds -r to the command line, that means to "securely erase and remove" the
original input file after successful encryption or decryption.

We could then port that into the Windows command-line code.  (To be honest,
I created the Windows command-line code in the most lazy way possible:
replacing Linux API calls with Windows API calls.  I really need to merge
the two so that a single command-line utility compiles on both platforms.
But, that has to be done carefully and fully tested... which is why I've not
yet merged the code.)


> -----Original Message-----
> From: aescrypt-bounces at lists.packetizer.com [mailto:aescrypt-
> bounces at lists.packetizer.com] On Behalf Of Markus Michael Rau
> Sent: Wednesday, May 29, 2013 8:15 AM
> To: aescrypt at lists.packetizer.com
> Subject: [aescrypt] Wish-list item 6, securely erase old file
> Hi,
> first of all, I'm Markus and I'm a graduate student at the LMU munich.
> My topic is weak lensing and data analysis, so have mercy with me.
> I like your tool pretty much and want to ask if I can contribute to
> the software.
> I'm personally interested in a way to delete the old source files.
> What do I have to do? Just overwrite the old file with random numbers?
> How often I have to overwrite? Is it dependent whether I overwrite
> onto an usb stick or a hard drive?
> Has anybody information about that or has knowledge in computer forensics?
> Take care,
> Markus

More information about the aescrypt mailing list