Secure delete with python

[Paul Rubin]

matt.torment at gmail.com (Matthew K Jensen) writes:
> I had this idea once, when I assumed that the OS wrote to the first
> blocks nearest to the beginning of the disk, to where I just simply
> write a whole bunch of crap files to fill in blocks that could be the
> place where recently deleted files used to be. Then defrag the
> filesystem. Then delete the crap files.
> 
> I'm just thinking aloud if any of this helps.

If you're 1) in control of what the OS does; and 2) not concerned
about securing the data against serious recovery attempts, then ok,
there's all kinds of stuff you can do that gives reasonable protection.

In practice, 1) you're usually not in control of the OS and so you
can't assume what order blocks are written in; and 2) if you're
writing a security application for use by other people, you don't
necessarily know what kinds of opponents your users will have or what
will happen if their data escapes, so you have to guard against
powerful data recovery techniques (including as-yet-uninvented ones)
as well as casual ones.

I think you're best off assuming that short of melting the platters,
there's no way to ever erase data from a hard drive, i.e. that a
sufficiently powerful attacker can recover every state that the drive
has ever been in.  The solution is to write only encrypted data to the
drive, and don't store the key on the drive.