10.3: Secure empty trash from the Terminal

More Mac Sites:
Macworld
MacUser
iPhone Central

Pick of the Week - Nov 10 [Show all picks]
Path Finder 5 - A feature-laden Finder replacement

12,000 hints and counting!

Wed, Oct 29 2003 at 11:20AM PST • Contributed by: raveldcp

So everyone knows that you can now use the "Securely empty trash" feature. What if you want to remove a file but not use the Trash? The new feature in Panther is the command /usr/bin/srm. There are two other options that Secure empty trash doesn't use:

-m, --medium
   overwrite the file with 7 US DoD compliant passes  (0xF6,  0x00,
   0xFF, random, 0x00, 0xFF, random)

-z, --zero
   after overwriting, zero blocks used by file

So, srm -mz [filename] will do a DoD compliant erase and zero the data.

•

Currently 0.00 / 5
1
2
3
4
5

(0 votes cast)

[18,691 views]

Hint Options

10.3: Secure empty trash from the Terminal | 18 comments | Create New Account

Click here to return to the '10.3: Secure empty trash from the Terminal' hint

The following comments are owned by whomever posted them. This site is not responsible for what they say.

10.3: Secure empty trash from the Terminal
Authored by: gaspode on Wed, Oct 29 2003 at 12:16PM PST

But how can I securely delete the trash from the findet? I have not yet found this option!

10.3: Secure empty trash from the Terminal
Authored by: fortrandragon on Wed, Oct 29 2003 at 12:42PM PST

Bring the Finder to the front and then select Secure Empty Trash from the Finder menu (the menu next to the Apple icon).

I had to look for it as well. I was surprised Apple didn't add that option to the Trash's contextual menu.

10.3: Secure empty trash from the Terminal
Authored by: gaspode on Wed, Oct 29 2003 at 2:55PM PST

Oh, dear it is so obvious. Thanks!

Don't feel bad
Authored by: jriskin on Wed, Oct 29 2003 at 6:34PM PST

I missed it too, I did the same thing you did. I went to the Trash can and looked in the contextual menu.

10.3: Secure empty trash from the Finder
Authored by: winddog on Sat, Nov 1 2003 at 11:52AM PST

Good job. What happens if you empty the trash for several days in the normal fashion and then use the secure empty trash-does it secure the previous files that have been emptied from the trash?

10.3: Secure empty trash from the Terminal
Authored by: gunslngr on Wed, Oct 29 2003 at 6:46PM PST

So how can I add the srm command to the Trash Contextual Menu?

10.3: Secure empty trash from the Terminal
Authored by: jecwobble on Thu, Oct 30 2003 at 11:50AM PST

Try OnMyCommand

10.3: Secure empty trash from the Terminal
Authored by: gunslngr on Thu, Oct 30 2003 at 2:10PM PST

looks cool. I'll take a look.

Thanks.

10.3: Secure empty trash from the Terminal
Authored by: xbpr on Tue, Nov 4 2003 at 7:07PM PST

I tried to add this to the dock menu by editing the DockMenus.plist file. Using property list editor, I can see that the command number to "empty trash" is 1001. How can I figure out what the command number is for secure empty?

/bin/rm -P
Authored by: extra88 on Wed, Oct 29 2003 at 6:44PM PST

OS X 10.2 (and probably earlier) already had /bin/rm -P which may not be "DoD compliant" but is probably sufficient and faster.

From man rm:

-P Overwrite regular files before deleting them. Files are
overwritten three times, first with the byte pattern 0xff,
then 0x00, and then 0xff again, before they are deleted.

/bin/rm -P
Authored by: FlashBIOS on Wed, Oct 29 2003 at 10:17PM PST

That doesn't do resource forks, and there is some debate on if it ever worked like it should.

Is it overkill?
Authored by: sjmills on Wed, Oct 29 2003 at 10:36PM PST

Why write over the file 7 (or 8) times? Isn't once enough?

Is it overkill?
Authored by: repetty on Wed, Oct 29 2003 at 11:04PM PST

No, more than once is not overkill. Super-duper computer forensics labs can "see through" single writes without too much problem. You've got to do it several times to really give these guys a real problem.

I just as intrigued, though, by the fact that it's really easy to read letters without opening envelopes, even correspondence which has be folder over serveral times and placed in a "secure" envelope.

No, my friend, you've got to overwrite many times to approach secure, and even then there are no guarrantees against the most motivited government agencies.

--Richard

Is it overkill?
Authored by: zacht on Thu, Oct 30 2003 at 1:08PM PST

I once saw a post on Usenet claiming that all the data of the entire federal government is kept on a single 20 MB hard disk. They keep overwriting the data, but the FBI/CIA/NSA can read down through the "layers", so no problem...

A silly joke, of course...

Seriously, reading overwritten data is possible because each little section of disk that's supposed to be a 0 or 1 actually has many magnetic grains in it. Writing a 0 or 1 will flip most, but never all, of the grains. FBI & co. can look at something that seems to be, say, all 0's, and detect residual 1's at certain spots---grains that didn't make the switch to 0's---, and from that, recover a lot of the original data.

I think this can be done with certain types of microscopes---atomic force microscope (AFM) maybe? I forget---if you happen to have one lying around... :-)

Anyway, if you overwrite seven times, it's supposed to be unlikely that any individual grain would stay unchanged seven times in a row.

10.3: Secure empty trash from the Terminal
Authored by: vancenase on Wed, Oct 29 2003 at 11:37PM PST

how can you securely delete an entire folder?

10.3: Secure empty trash from the Terminal
Authored by: Tom Robinson on Thu, Oct 30 2003 at 3:16AM PST

If you check the man page for srm you'll see a '-R' option for a recursive delete (i.e. delete a directory and its contents).

Not really Secure!
Authored by: raider on Thu, Oct 30 2003 at 4:48PM PST

It was brought to light that Panther has a new feature that automatically de-frags your drive while you use it.

If you access a file of 20MB or smaller, and it is fragmented - Panther moves it to a spot on the disk where it is no longer fragmented, but only simply marks the OLD bits free for use - it doesn't overwrite them.

So even if you use Secure Empty Trash, it will only overwrite the current file, but not the places on the disk that it might have existed before.

So you *might* get a secure delete and you *might not*.

If you are concerned enough about it to use it in the first place, this would negate any real value it held for you...

10.3: Secure empty trash from the Terminal
Authored by: Crawdad on Sat, Dec 27 2003 at 10:15AM PST

You can learn a great deal about the difficulties of securely erasing disk files (and memory) from Peter Gutmann's USENIX paper of 1996. It also explodes the claims of certain commercial products.

Search

From our Sponsor...

User Functions

Don't have an account yet? Sign up as a New User
Lost your password?

What's New:

Hints

3 new Hints in the last 24 hours

Comments last 2 days

Links last 2 weeks

No recent new links

What's New in the Forums?

The Editor's Corner...

Here are some of my (robg) other projects...

•	The Robservatory My blog - Macs, tech, etc.
•	Mac OS X Power Hound The best of Hints in print
•	Inside iWork An iWork training DVD
•	Macworld Column, features, online...

Hints by Topic

News from Macworld

The macosxhints Poll

iPad_poll_#1

Other polls | 7,003 votes | 76 comments

Visit other IDG sites: