Need help with safe partitioning (making files non recoverable)
Hi
I was just interested if i would install GNU/linux distro of personal choice and use in partition software to delete partitions,create new partition table(if possible) and re create partition with different size would this make files non recoverable to HDD/SSD or i would need to use specialized distro/bootable software for example parted magic to manage partitions and install OS afterwards?
Regards ;_)
If you format a partition (i.e., "install" a filesystem on it), its files are lost.
However, some filesystems can be shrunk and/or enlarged without losing anything. E.g., the ext family of filesystems support both operations (but, of course, it will not let you shrink it to a size where there is not enough space for its files). XFS (Trisquel's default filesystem for /home) can only be enlarged, not shrunk. So, to effectively shrink an XFS filesystem, you need to backup its files (on another filesystem), delete its partition, recreate a smaller one in the free space, format it (i.e., choose the filesystem of your choice, not necessarily XFS) and move the file that were backed up to the newly created filesystem.
GParted (a graphical interface to GNU parted) makes it easy to alter your partitions and their filesystems. It will warn you if the operation you plan to execute will make you lose the files on some partition. GParted is on Trisquel's live system. You should never alter partitions that are mounted, i.e., with their files accessible. For such partitions, you need to run a live system.
Reading again your post, I actually wonder if your goal is not the opposite: making sure that nobody (including you) can ever recover files that are/were on the partition. If that is your goal, then 'shred' is your friend (here called with one single pass, which is enough):
$ shred -n 1 /dev/[insert here the partition to delete, e.g., "sda1"]
You can then delete the partition in question but it is not necessary for non-recoverability.
I am a translator!
However, notice that shred will work beautifully on an HDD. It won't work properly on a SSD. Safely purging data on SSD is AFAIK impossible and the only sure way to go is full disk encryption. Encryption, when properly implemented, works. That much we know for sure.
Do you have any reference? 'info shred' does not warn on such a problem and even suggests that it is safe to use the command I gave on SSDs (whereas it is not safe to only write zeros):
On modern disks, a single pass should be adequate, and it will take one third the time of the default three-pass approach.
# 1 pass, write pseudo-random data; 3x faster than the default
shred --verbose -n1 /dev/sda5
To be on the safe side, use at least one pass that overwrites using pseudo-random data. I.e., don't be tempted to use `-n0 --zero', in case some disk controller optimizes the process of writing blocks of all zeros, and thereby does not clear all bytes in a block. Some SSDs may do just that.
SSDs and other flash storage devices have firmware that doesn't write data to them in a straightforward or consistent manner. In short: it will work, but only if you shred the entire disk at once.
I found a reference: http://cseweb.ucsd.edu/~m3wei/assets/pdf/FMS-2010-Secure-Erase.pdf
I am a translator!
Some time back, not so long ago, I researched a bit on this topic. Among other websites, I remember the eff's one was quite helpful.
https://ssd.eff.org/en/module/how-delete-your-data-securely-windows#Anchor%201
Another great one (and the best application to shred folders and free space) -> https://docs.bleachbit.org/doc/shred-files-and-wipe-disks.html
So I am missing bleachbit in synaptic for Trisquel 8. Do you think one of thse http://www.bleachbit.org/download/linux would work?
It is surprising that BleachBit is not in Trisquel 8 since Ubuntu 16.04 (on which Trisquel 8 is based) has the exact same (and unmodified) version as Trisquel 7. Download http://archive.trisquel.info/trisquel/pool/main/b/bleachbit/bleachbit_1.0-1_all.deb and install it either with 'sudo dpkg -i bleachbit_1.0-1_all.deb' (opening a terminal in the directory where the package was downloaded, otherwise specify the path to the package) or by double-clicking on it after installing "GDebi".
But, well, https://www.bleachbit.org/download/file/t?file=bleachbit_1.12_all_ubuntu1604.deb should be OK too if you want a latest version.
Thanks, Magic, will give it a try.
PS The first one worked fine so I got it.
I tried the second but it said something like it wasn't a debian install package.