best fedora solution to securely erase folders/clean free space?

Bruno Wolff III bruno at wolff.to
Sat Mar 30 19:12:03 UTC 2013


On Sat, Mar 30, 2013 at 17:17:52 +0100,
   "M. Fioretti" <mfioretti at nexaima.net> wrote:
>On Sat, Mar 30, 2013 09:54:41 AM -0500, Bruno Wolff III wrote:
>
>> It makes a difference if you are concerned about attacks by users of
>> the machine, people who grab the machine while it is powered on
>
>The two cases above are exactly what I had in mind, regardless of how
>frequent/realistic they are. My brain just got stuck on them, I guess,
>so I started refreshing what I knew on the topic. Any further comment
>on those cases is welcome.

It makes sense to use luks encrypted partitions so that the file systems 
are not practically accessible once the keys are out of memory. You can 
also encrypt sensitive files separately so that they aren't accessible 
in some cases where local users are able to get access to the files. If 
you think an attacker is going to try to read the luks keys from memory 
you may want to disable firewire to make it harder. If you are looking 
at possible seizure by people who are likely to try to do that with 
bad consequences if they do, then you might look at some deadman set ups. 
Using those risks losing all of your data when you are not under attack, 
so you need to be careful trying to do something like that. People have 
also been known to set up physical destruction of disk drives that can 
be triggered very quickly. Again there is a balancing act between making 
sure the drives are destroyed before they are seized and inadvertently 
destroying them when there isn't a real threat.

Another attack you may need to worry about is the evil maid attack where 
the computer is accessed and hardware key loggers and the like are 
attached and then put back where it was, in the hope you will enter keys 
that will be obtained when the device is accessed again later.
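
One way to check the "disable firewire" suggestion in the message above, as an added example that is not part of the original post: a small audit that reports which FireWire drivers are loaded and whether modprobe configuration keeps them from loading. The module list, the function names and the sample files are assumptions constructed for illustration; on a real host the inputs would be /proc/modules and the files under /etc/modprobe.d.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the Linux
# FireWire drivers are loaded, and whether modprobe config keeps them out.
FW_MODULES="firewire_core firewire_ohci firewire_sbp2 ohci1394"

# fw_loaded FILE: print FireWire modules listed in a /proc/modules-style file
fw_loaded() {
    for m in $FW_MODULES; do
        awk -v m="$m" '$1 == m { print m }' "$1"
    done
}

# fw_state MODULE CONF...: print "blocked", "blacklisted" or "loadable".
# "blacklist" only stops alias-based autoloading; an "install" line pointing
# at /bin/false (or /bin/true) also stops an explicit modprobe.
fw_state() {
    mod=$1; shift
    awk -v m="$mod" '
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && ($3 == "/bin/false" || $3 == "/bin/true") { blocked = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (blocked ? "blocked" : (bl ? "blacklisted" : "loadable")) }
    ' "$@"
}

# fw_audit MODULES_FILE CONF...: one line per driver: name, loaded?, config state
fw_audit() {
    mods=$1; shift
    loaded=$(fw_loaded "$mods")
    for m in $FW_MODULES; do
        case " $(echo $loaded) " in *" $m "*) l=loaded ;; *) l=not-loaded ;; esac
        printf '%-14s %-11s %s\n' "$m" "$l" "$(fw_state "$m" "$@")"
    done
}

# Constructed sample input (not taken from a real host)
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/modules" <<'EOF'
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
ext4 700000 2 - Live 0x0000000000000000
EOF
cat > "$tmp/fw.conf" <<'EOF'
blacklist firewire-ohci   # stops autoload only
install firewire-sbp2 /bin/false
EOF
fw_audit "$tmp/modules" "$tmp/fw.conf"
```

A driver that shows up as both loaded and blacklisted, as firewire_ohci does in the sample, was loaded before the configuration took effect or by an explicit modprobe, so the port is still live until the module is removed or the machine is rebooted.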

