Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
WIPE(1)			    General Commands Manual		       WIPE(1)

NAME
       wipe - secure file deletion utility

SYNOPSIS
       wipe

       [-ucwsiIhfFdDnNvVzZrRtTkKaAeE]	 [-B(count)]   [-S(size)]   [-C(size)]
       [-o[size] -O] [-l[0-2]] [-x[1-32] -X] [-p(1-32)]	[-b(0-255)] [files]

DEFAULT
       wipe -ZdNTVEAkO -S512 -C4096 -l1	-x1 -p1

DESCRIPTION
       Wipe is a secure	file wiping utility. There are some low	 level	issues
       that  must be taken into	consideration. One of these is that there must
       be some sort of write barrier between passes.  Wipe  uses  fdatasync(2)
       (or  fsync(2))  as a write barrier, or if fsync(2) isn't	available, the
       file is opened with the O_DSYNC or O_SYNC flag. For wipe	to  be	effec-
       tive,  each  pass must be completely written. To	ensure this, the drive
       must support some form of a write barrier, write	cache flush, or	 write
       cache  disabling. SCSI supports ordered command tags, has a force media
       access bit for commands,	and write cache	can be disable on mode page 8.
       IDE/ATA drives support write cache flushes and write  cache  disabling.
       Unfortunetly,  not  all	drives actually	disable	write cache when asked
       to. Those drives	are broken. Write caching should always	 be  disabled,
       unless your system is battery backed and	always powers down cleanly.

       Under linux, the	mount option "mand" must be used (see linux/Documenta-
       tion/mandatory.txt) for mandatory file locks to be enabled. Wipe	should
       make  it	 extremely difficult for all but the most determined person(s)
       to recover the original plaintext data. Utilities such as PGP  and  the
       GNU  Privacy Guard provide strong encryption, but encryption is useless
       if the original plaintext can be	recovered. When	 using	PGP  and  GPG,
       temporary  files	 that are disk-backed should be	stored on an encrypted
       file system. That way, the plaintext never hits the platters.  Wipe  is
       designed	for situations where an	encrypted file system isn't practical.

       Wipe uses /dev/urandom, or if unavailable, /dev/random, as a source for
       entropy.	 The  Mersenne	Twister	PRNG is	used for speed.	The MT site is
       at:

       http://www.math.keio.ac.jp/~matumoto/emt.html

       For more	information on the secure deletion of magnetic media and solid
       state storage devices (such as DRAM) see	the USENIX  article  by	 Peter
       Gutmann at:

       http://www.cs.auckland.ac.nz/~pgut001/secure_del.html

OPTIONS
       -h     Display help screen. Shows options and what they do.

       -u     usage - shows options

       -c     shows copywrite information

       -w     shows warranty

       -i     interactive  -  prompt  whether  to  remove each file explicitly
	      checks file permissions

       -I     disables interaction

       -f     forces file wiping and suppresses	permission warnings

       -r or -R
	      recursion	- traverse subdirectories

       -s     silent - disable percent reporting and some warnings

       -V     verbose -	shows percentage if file size is above a certain limit
	      (see wipe	-h)

       -v     force verbose - always show percentage

       -e and -E
	      on (-e) makes the	percentage (only if shown)  more  accurate  by
	      calling fdatasync() before each update off (-E) will be slightly
	      less  accurate,  but  wipe  will	only  call fdatasync() between
	      passes

       -d and -D
	      delete (-d) or keep (-D) after wiping

       -n and -N
	      delete (-n) or skip (-N) fifos, sockets, sym links, and char de-
	      vices

       -k and -K
	      lock (-k)	or don't lock (-K) files during	wiping

       -z     zero-out file - performs a single	pass of	zeros

       -Z     perform normal passes - overrides	-z

       -t and -T
	      enable (-t) or disable (-T) static passes

       -a and -A
	      write until out of space (-a) or don't (-A)

       -o and -O
	      write [size] to stdout (-o) or use files (-O)

	      Since wipe does not have specific	support	for char devs, like it
	      does for block devs, this	is  the	 preferred  method  of	wiping
	      them,  such as tape drives; eg, wipe -za -o | buffer > /dev/nst0
	      It can also be used for block devs; eg wipe -To |	dd  count=size
	      of=blkdev

	      You  can	also use this to create	files containing pseudo-random
	      output from the MT PRNG; eg, wipe	-To10240 -x1 > prand

	      For static passes, you must specify a stdout length.

       -B     override block device sector count

       -S     override block device sector size

       -C     chunk size - the maximum file buffer size

       -l     sets generic security level

	      level 0, the PRNG	is only	seeded once

	      level 1, the PRNG	is seeded once per file

	      level 2, the PRNG	is seeded once per random pass

       -x     enables random passes and	optionally, how	many random passes  to
	      perform  -  note	that this option now sets the number of	random
	      passes per wipe loop - in	other words, the total number of  ran-
	      dom passes will be random	passes * wipe loops (-p)

       -X     disable random passes

       -p     loop  passes  -  perform wipe sequence x times, including	random
	      passes

       -b     custom byte - overwrite once with	a specific byte

FILES
       /dev/urandom
	      Wipe uses	this character device for a source of entropy

       /dev/random
	      Wipe falls back to using this if /dev/urandom is not available

DIAGNOSTICS
       If an error occurs, the exit code will be the errno value. An exit code
       of 2 indicates bad usage.

BUGS
       Wipe does not work on log structured file systems, or any other type of
       file system or block device that	reallocates sectors on write.

       Some programs are vulnerable to symlink races. To  avoid	 this  problem
       with  wipe, only	wipe files in directories that are not writable	by un-
       trusted users.

NOTES
       Tapes and other sequential access devices

       Choose an appropriate buffer size to match the logic or physical	 block
       size  of	 the device. When using	the pattern passes, you	should disable
       compression on the drive, and it's  generally  best  to	so  for	 other
       passes as well.

       For  VXA	 drives,  I  used mt-st	under linux to set the block size to 0
       (variable) and turn off compression, and	I run wipe with	 a  64k	 block
       size, to	match the on-tape format''s native block size.

       Example:

       mt-st setblk 0

       mt-st compression 0

       wipe -C64 /dev/st0

ALTERNATIVES
       Other file wiping utilities:

       Another "wipe" by Berke Durak <durakb@crit2.univ-montp2.fr>

       Colin Plumb's <colin@nyx.net> sterilize.

       Todd  Burgess's	<tburgess@eddie.cis.uoguelph.ca>  srm  is available on
       sunsite/metalab in

       ftp://metalab.unc.edu/pub/Linux/system/filesystems/

SEE ALSO
       /usr/local/share/doc/wipe/README

AUTHORS
       Wipe
       Copyright (C) 1998-2009 Thomas M. Vier, Jr. <nester@users.sf.net>

       Mersenne	Twister	PRNG module
       Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura

								       WIPE(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=wipe&sektion=1&manpath=FreeBSD+14.3-RELEASE+and+Ports>

home | help