Secure Deletion & Disk Encryption
A few clarifications on encryption and secure deletion
The purpose of this post is just to give my opinion on encryption and secure deletion
(because I feel like I'm seeing tons of misinformation, if I can call it that).
Threat Models
First, let's identify our threat. We can distinguish 2 types of threat:
- the targeted threat
- the untargeted threat
Untargeted Threat
The untargeted threat is opportunistic and generally much less technically advanced.
In the case of an untargeted threat, such as a burglary or a simple robbery, the perpetrator would do nothing to defeat the encryption.
So disk encryption is a good measure here.
Targeted Threat
Targeted threats will generally come from a state (or another organisation).
In this kind of case, there are 3 threat levels.
Low Legal Threat
By "low legal threat", I mean countries with strong legal protection,
e.g. the USA, where, I guess, you can invoke the 5th Amendment to avoid handing over the encryption key.
In this case, encryption with LUKS and a good password is sufficient.
Medium Legal Threat
The "medium legal threat" is the case of a court forcing you to give up your password,
such as in France, which has a law requiring you to give up your passwords
(otherwise it is considered obstruction of justice).
In this case, you need to be able to ensure deniability, and a tool like shufflecake would be much better.
Physical Threat
The physical threat applies to criminal organizations and authoritarian states (or if you're in a secret American prison).
In that case, I'm sorry, but there's really no optimal way to protect yourself: try steganography to avoid being identified, but if you are identified, it's already too late.
Secure Deletion
We have to be frank about this sort of thing: if you think that shred or other such tools prevent forensics from working, they don't.
In most cases your file has been moved around on the disk several times (every save, copy or defragmentation can allocate new blocks), so you overwrite the most recent version, but an older (or truncated) version is almost certainly still present in blocks the filesystem no longer tracks.
The only real way to remove traces is to fill the entire free space of the disk, to be sure every leftover block has been overwritten.
Note that some filesystems can still keep parts of these files in their journal.
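To make the point concrete, here is an added illustration that is not part of the original post: a toy block-level disk simulation in Python. The allocator, the editor-style "save to new blocks, then release the old ones" behaviour and the data are all constructed for the example; no real disk is touched.

```python
# Added example: toy disk model showing why overwriting a file's current blocks
# (what shred does) misses older copies, while filling free space reaches them.
BLOCK = 16      # bytes per toy block
NBLOCKS = 32    # toy disk size in blocks

class ToyDisk:
    def __init__(self):
        self.blocks = [b"\x00" * BLOCK for _ in range(NBLOCKS)]
        self.free = list(range(NBLOCKS))   # allocator hands out the lowest free blocks
        self.files = {}                    # name -> list of block numbers

    def _alloc(self, n):
        got, self.free = self.free[:n], self.free[n:]
        return got

    def save(self, name, data):
        """Editor-style safe save: write new blocks, then release the old ones.
        Released blocks are marked free but their bytes are left untouched."""
        chunks = [data[i:i + BLOCK].ljust(BLOCK, b"\x00") for i in range(0, len(data), BLOCK)]
        new = self._alloc(len(chunks))
        for blk, chunk in zip(new, chunks):
            self.blocks[blk] = chunk
        old = self.files.get(name, [])
        self.files[name] = new
        self.free.extend(old)

    def shred(self, name):
        """Overwrite only the blocks the file currently occupies, then unlink it."""
        for blk in self.files.pop(name):
            self.blocks[blk] = b"\xff" * BLOCK
            self.free.append(blk)

    def fill_free_space(self):
        """Write filler into every unallocated block (the post's 'fill the disk')."""
        for blk in self.free:
            self.blocks[blk] = b"\x00" * BLOCK

    def forensic_hits(self, needle):
        """Count blocks anywhere on the disk, allocated or not, that contain needle."""
        return sum(needle in b for b in self.blocks)

def demo():
    """Returns (hits after shred, hits after filling free space)."""
    d = ToyDisk()
    d.save("notes.txt", b"SECRET draft v1 contents here")   # constructed sample data
    d.save("notes.txt", b"SECRET draft v2 contents here")   # re-save: v1 blocks now free
    d.shred("notes.txt")
    after_shred = d.forensic_hits(b"SECRET")   # v1 copy still readable in free blocks
    d.fill_free_space()
    after_fill = d.forensic_hits(b"SECRET")    # nothing left anywhere on the disk
    return after_shred, after_fill
```

Running `demo()` returns `(1, 0)`: shred wiped the v2 blocks, but the released v1 blocks were only found and cleared once the whole free space was overwritten.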
Another thing to bear in mind: there's no point in overwriting a file several times; once is enough.
Do you really think the authorities would risk damaging their evidence to attempt recovery after that? No.
In most cases, they make a complete copy of the disk and perform the analysis on the copy.
Unless you're of very high interest, they'll never take the risk.