Data Shredding

Shredding is a process of irreversible file destruction, so that the file's contents cannot be recovered. Sometimes the same process is referred to as erasing or wiping; we prefer to call it shredding, by analogy with the paper shredding machines used for disposing of sensitive documents.

Why shredding?

“What do I need shredding for? I want to encrypt my file, not to destroy it.” This is a rather common question, and the answer will be obvious if we look at a simple analogy.

Imagine that you need to encrypt a paper-written message using the traditional James Bond way. The process is fairly straightforward – encrypt the message word by word, writing the result down on a separate paper sheet. When the whole message is encrypted, burn the sheet with the original message.

But is it possible to encrypt the message without using an additional paper sheet? Yes, you can erase each word after it is encrypted, and write the result onto the erased space. When all the words are encrypted, you will have the same paper sheet on which the original message has been replaced with the encrypted text.

One does not need to be an expert to see the disadvantages of this method. It takes more time, requires a lot of extra work, and, worst of all, the original message can very likely be recovered without decrypting. Saving one blank sheet is hardly worth the price.

The same is true for electronic encryption. Encrypting to the same file has the same drawbacks, and real-world encryption software uses an approach similar to the traditional paper-based technique. Encrypted data are written to a new file, then the file containing the original data is destroyed.

It is quite obvious that the file destruction phase is an integral and important part of the encryption process. Skipping this phase would make encryption useless because the original data could be recovered without knowing the key. The hacker does not need to bother breaking the cipher; restoring the original data using the traces left by incomplete destruction would be much easier.

For example, when a program deletes a file, the file remains intact – the system simply marks its disk space as free. Until the space is reused by another file, the data remains there and can be restored by any of numerous ‘undelete’ utilities. It may take weeks or months of active disk usage before the file naturally becomes unrecoverable.

It is interesting to note that some existing encryption programs nonetheless do not have an integrated shredder and use the standard file deletion function, thus completely skipping the destruction step. Of course, this places such products in the ‘snake-oil’ category no matter how well their encryption parts are implemented.

How does it work?

Burning is an easy and reliable method of destroying information on a paper sheet. It works perfectly with hard disks too, but in most cases we would prefer something less drastic. In fact, if we must destroy information without destroying the media, then the only method available is erasing and overwriting contents. Unfortunately, one pass of overwriting cannot delete information reliably, so it is necessary to perform several passes in order to remove all traces of the original data.

Kryptel shredder performs overwriting in three phases. First, the file is overwritten with byte 9. Next, one or more passes write random data. The last pass overwrites the file contents with byte 246. For two-pass shredding the first pass (which writes byte 9) is omitted. In the case of single-pass shredding only random data are written.

For instance, five-pass shredding is performed as follows: one pass writing byte 9, then three passes writing random data, and then the finishing pass writing byte 246.

Of course, Kryptel shredder is not as simple as this and does a lot more than basic overwriting. Deleting data without leaving any trace is a tricky and challenging task that cannot be done with a simple overwriting loop. However, that loop is the heart of the shredder algorithm and gives some idea of how the shredder works.
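As an added illustration of the overwrite loop described above (example code, not Kryptel's own), the following Python builds the pass schedule for one to nine passes exactly as the text lays it out and applies it to a file, forcing each pass through the operating-system cache before the next one begins. The chunk size, the file-handling details and the sample file are assumptions.

```python
import os
import tempfile

# Page-specified constants: first pass writes byte 9, last pass byte 246.
FIRST_PASS_BYTE = 9
LAST_PASS_BYTE = 246


def pass_schedule(passes):
    """Overwrite schedule for 1..9 passes: an int is a fixed byte, None means random data."""
    if not 1 <= passes <= 9:
        raise ValueError("pass count must be between 1 and 9")
    if passes == 1:
        return [None]
    if passes == 2:
        return [None, LAST_PASS_BYTE]
    return [FIRST_PASS_BYTE] + [None] * (passes - 2) + [LAST_PASS_BYTE]


def overwrite_pass(fh, size, value):
    """Write one full pass over an open file and force it through the OS cache."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(64 * 1024, remaining)  # assumption: overwrite in 64 KiB chunks
        fh.write(os.urandom(n) if value is None else bytes([value]) * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # each pass must reach the disk before the next begins


def shred_file(path, passes=1):
    """Overwrite 'path' pass by pass, then delete it; returns the schedule used."""
    schedule = pass_schedule(passes)
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for value in schedule:
            overwrite_pass(fh, size, value)
    os.remove(path)
    return schedule


def demo_shred(passes=5):
    """Constructed sample: shred a temporary file and report (schedule, still exists)."""
    fd, tmp = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"secret message\n" * 1000)
    return shred_file(tmp, passes), os.path.exists(tmp)
```

On journaling, copy-on-write or wear-levelled storage (SSDs in particular) an in-place overwrite may never reach the blocks that held the original data, which is one reason a real shredder must do more than this loop.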

Security considerations

Kryptel shredder can perform one to nine passes to destroy data; the number of passes is selectable by the user. This leads us to the question: how many passes should we use? The more passes the better, but there is a price. Shredding is a very slow process, and shredding a large set of files in nine passes would take ages. A more sensible approach is to use the minimum number of passes that satisfies the security requirements.

Low security (one pass)

Overwriting a file in a single pass ensures that it is impossible to restore the file with an ‘undelete’ utility. Recovering the data is still possible, but it is very costly and requires specialized hardware (and specialists who can use it). Government agencies without doubt have such equipment, but that kind of forensic analysis is far beyond the means of an ordinary hacker. While single-pass shredding is not very secure, it is sufficient for almost everything.

Medium security (two to five passes)

Every additional pass makes data recovery many times harder. While we can only guess what government agencies can or cannot do, it seems very unlikely that they could recover data after five-pass shredding.

High security (six to nine passes)

Very reliable and extremely slow. This level of security is certainly overkill.

Kryptel shredder works in the background, so longer processing time is not that important. However, the sooner the sensitive data are destroyed the better, so it is not recommended to set an unnecessarily high number of passes. Use five passes for really critical data; single-pass shredding is sufficient for not-so-critical information.