fwipe: Securely Erase Files When you delete files from disk, you are not deleting your data! All that is removed is an entry in a directory, telling where your data is. Utilities like Norton's Disk Doctor, and lots of others, can pretty easily undelete your files. (Did you read the footnotes in the Starr report? Some of the evidence in that report came from "deleted emails".) I use secure file deletion all the time. My company-issued laptop contains private emails, as well as sensitive financial information. Although my boss is unlikely to undelete and read that stuff, I believe in taking the same precautions with electronic information as I would with information on paper (which I always shred--even the junkmail). For two years or so, I've used a simple shell script for erasing files. The script was published in the Linux Gazette as a "2-cent tip" entitled Binary File Access with dd. Although the script was adequate, I've grown tired of its pitiful slowness. (See: http://www.nb.net/~lbudney/linux/misc/dd.html) Enter fwipe. fwipe implements the same concept in C, and runs at least 30 times faster than the shell script. It was designed with security in mind: fwipe0, which actually erases your files, is immune to filenames containing spaces, carriage returns, dashes, or any other special characters (see the man page). You can use it in place of rm in cron jobs, together with "find ... -print0". The output of fwipe0 is specially designed to be parsed easily by machine, so it can be embedded in other applications which need secure file erasure. One such application is Dan Bernstein's serialmail. You can use serialmail plus fwipe0 to securely erase the contents of a maildir with the command: maildirserial dir prefix fwipe0 -n Changes: 0.35. - Changes: Added RPM spec file. 0.30: - added "slowness" feature to reduce I/O load and improve console responsiveness during large wipes. 0.25: - switched to unbuffered writes to reduce CPU consumption - bugfix--now fwipe overwrites with 0's and 1's Licensing fwipe is issued under the BSD license. Some of the source code for fwipe was borrowed from Dan Bernstein, who has not specified what license applies to his code. From his public remarks, I am confident that he doesn't care what is done with his code, as long as: 1. Nobody thinks that Dan is responsible for your project, 2. Nobody thinks that Dan endorses your use of his code, and 3. Nobody bothers Dan about problems with your project, including code borrowed from him. Note that these restrictions are really a restatement of the spirit of the BSD license. If you use any of my code, I don't want people bothering me, either! The BSD license, together with the DBD (``Don't Bother Dan'') clause, is included in the fwipe distribution. You can also read it here: http://www.nb.net/~lbudney/linux/software/fwipe/COPYING.txt Contact Send any patches, bugs, complaints, free beer, etc to Len Budney lbudney@pobox.com The fwipe homepage is located at: http://budney.homeunix.net:8080/users/budney/linux/software/fwipe.html Cryptographic signatures and checksums may be provided by the developers at the URL(s) above. Wiretapped recommends that users check these before use of the software/information.