Is "secure empty trash" really secure?

Discussion in 'Mac OS X Lion (10.7)' started by yeah, Sep 1, 2011.

  1. yeah macrumors 6502a

    yeah

    Joined:
    Jul 12, 2011
    #1
    I was wondering because I might be purchasing a mac soon (next year) :) and I'm worried about my files being recovered.
     
  2. appleguy123 macrumors 603

    appleguy123

    Joined:
    Apr 1, 2009
    Location:
    15 minutes in the future
    #2
    Are you hiding government secrets? It's secure enough that no one will want to go through the steps to recover your porn collection. ;)

    I think that they delete the data, and then write more data over it. It would be very hard, though probably not impossible, to recover any of your files.
     
  3. yeah thread starter macrumors 6502a

    yeah

    Joined:
    Jul 12, 2011
    #3
    LOL but seriously I have bank info and credit card info.
     
  4. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #4
    It's pretty secure. Plus when you go to sell your Mac, you will use Disk Utility and secure erase it for added measure.
     
  5. yeah thread starter macrumors 6502a

    yeah

    Joined:
    Jul 12, 2011
    #5
    :D Thanks
     
  6. flight macrumors regular

    Joined:
    Mar 4, 2010
    #6
    Do you have a hard disk or solid-state? Apparently, "Secure Empty Trash" is not so secure with an SSD: (ZDNet article)
     
  7. yeah thread starter macrumors 6502a

    yeah

    Joined:
    Jul 12, 2011
    #7
    wow!
     
  8. Hugh macrumors 6502a

    Hugh

    Joined:
    Feb 9, 2003
    Location:
    Erie, PA
    #8
    Let's remember, folks, he's talking about 10.6; he hasn't done or mentioned doing the test with 10.7. Results might be different.....

    Hugh
     
  9. blackburn macrumors 6502a

    blackburn

    Joined:
    Feb 16, 2010
    Location:
    Where Judas lost it's boots.
    #9
    You should issue a secure erase command to the hdd / ssd in order to get it properly erased. Some protected areas of the hdd aren't erased by os x.
     
  10. iThinkergoiMac macrumors 68030

    Joined:
    Jan 20, 2010
    Location:
    Terra
    #10
    By secure erase, you just mean zero the drive, right? Anything more than zeroing the drive is going to be superfluous. Even forensic level data recovery won't be able to recover much from a zeroed drive. Every pass beyond the first quickly diminishes in returns. The 7-pass erase is slightly more secure than the single pass erase and no less secure than the 35-pass erase.
     
  11. Lokheed macrumors regular

    Joined:
    Jun 10, 2009
    #11
    Let's put the answer in perspective.

    A one-pass secure erase of your content is unrecoverable by any aftermarket forensic computer software. A standard user (one like yourself) will have no means whatsoever to personally retrieve your data. They can however send it to advanced security firms (and pay upwards of $5,000 USD) to retrieve the data, and even then, the success rate is low. But some data can be recovered, although reports on the net claim that the retrieval of information is scattered or broken at best.

    A 7-pass secure erase will be unrecoverable by even these firms. It is the DOD (Department of Defense) standard. To retrieve the data this fractured, you'd have to seek out special government agencies that are, for all intents and purposes, top secret. No citizen would ever find themselves in contact with these kinds of outfits. These places specialize in extreme data reconstruction, from even physically damaged hard drives. Remember that government always has a key to the backdoor. Encryption, secure delete, they still retain ways to decrypt or retrieve data. Again, no random citizen would ever have access to such services.

    Does that answer your question? Secure is a relative term. So a single-pass is more than enough for a private sale. If you are harbouring blueprints for some new kind of nuclear weapon and afraid the Men in Black are closing in, even tossing your hard drive in the fire may not eradicate the condemning evidence.
     
  12. Quad5Ny, Sep 2, 2011
    Last edited: Sep 2, 2011

    Quad5Ny macrumors 6502a

    Quad5Ny

    Joined:
    Sep 13, 2009
    Location:
    New York, USA
    #12
    If you're running a spinning hard disk drive, securely emptying the trash will 99.999% of the time get rid of the CURRENT version of the file.

    But you have to keep in mind that when some applications save files, they will (non-securely) delete the old file and just save a completely new copy. Also there's OS X's defragmentation, which when it consolidates files will leave old fragments scattered around the drive. There are also other scenarios like Versions, Time Machine Local Snapshots, Autosave, Resume, File Caches, Leftover Swap, etc. which will leave private data lying around the disk.

    Operating systems crap all over the disk, there is no way to be sure you've safely deleted everything. Which brings me to Zeroing the entire drive, this will erase everything but again it only works on spinning hard drives.

    As for SSDs, that's a whole other story, but the basics of it are: Securely Emptying the trash does not work, nor does Zeroing the drive. In order to wipe an SSD, you need a tool to send the ATA Secure Erasure command to the drive, but it will only work if the manufacturer has correctly implemented it.
    See: http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

    If you really want to be secure, run your computer off of a Linux Live DVD and save all your files to a Micro-SD Card. :p

    .
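
Added example, not part of Quad5Ny's post or any tool named in the thread: a small model of the "application deletes the old file and saves a new copy" case from post #12, showing that a per-file overwrite only reaches the blocks of the current file. The function names and the sample data are hypothetical, and a hard link is used as a stand-in for the old blocks that would simply remain unallocated on a real disk.

```python
import os
import tempfile

def save_by_replace(path, data):
    """'Safe save' as many applications do it: write a new file, rename it over the old one."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # the old inode is unlinked; its blocks are never overwritten

def overwrite_then_delete(path):
    """Per-file secure delete: zero the blocks of the file as it exists now, then unlink."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\x00" * size)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)

def demo():
    with tempfile.TemporaryDirectory() as d:
        doc = os.path.join(d, "statement.txt")
        with open(doc, "wb") as f:
            f.write(b"CONSTRUCTED card data, version 1")
        inode_v1 = os.stat(doc).st_ino
        # Assumption: a hard link stands in for "old blocks still on the platter".
        # On a real disk they are merely unallocated; the link lets us read them back.
        old_blocks = os.path.join(d, "old_blocks")
        os.link(doc, old_blocks)

        save_by_replace(doc, b"CONSTRUCTED card data, version 2")
        inode_v2 = os.stat(doc).st_ino
        overwrite_then_delete(doc)

        with open(old_blocks, "rb") as f:
            leftover = f.read()
        # (file was replaced by a new inode, current file is gone, old content survives)
        return inode_v1 != inode_v2, os.path.exists(doc), leftover

if __name__ == "__main__":
    print(demo())
```

The overwrite zeroes version 2 only; version 1 is untouched, which is why whole-disk measures (full-disk encryption or a drive-level erase) come up later in the thread.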
     
  13. Frosties macrumors 6502a

    Frosties

    Joined:
    Jun 12, 2009
    Location:
    Sweden
    #13
    The Unix command for securely erasing files is not secure on journaled filesystems. Do a full system encryption in Lion instead.
     
  14. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #14
    I don't know the number of passes the secure erase feature uses. I was just referring to the built in Disk Utility function.
     


  15. ZacNicholson macrumors 6502a

    ZacNicholson

    Joined:
    Jun 25, 2011
    Location:
    Indiana
    #15
    Just download MacKeeper and use the shredder on 7 time pass. I shred everything. Haven't used my trash can in two months.
     
  16. Nick 214 macrumors member

    Joined:
    Jan 11, 2010
    Location:
    Pittsburgh/Slippery Rock, PA
    #16
    Add Secure Virtual Memory to the mix whilst you're at it. It's useful.

    NK
     
  17. maxswisher macrumors newbie

    Joined:
    Sep 3, 2011
    Location:
    California
    #17
    Hmm, in 10.6 you could select how many passes you want. Now it's just a slider... interesting.
     
  18. Riemann Zeta, Sep 3, 2011
    Last edited: Sep 3, 2011

    Riemann Zeta macrumors 6502a

    Joined:
    Feb 12, 2008
    #18
    As mentioned, using Mac OS 10.6 and a physical disc-based HDD, Secure Delete is perfectly legit. And no, there is no practical way of recovering the data--not even a black ops politicorporate outfit is going to be able to recover anything useful from a high-density (say, 500GB) modern physical spinning disc after a full-scale, whole disc zero-out.

    A physical spinning disc on Lion, however, is less likely to be secure--Lion automatically saves multiple different versions of a file upon edit (and also saves images of every window ever opened and every application state); there is no way of turning off this behavior (you can turn off "app resume" itself, but the files are still written to the disc). So a secure-erase in Lion will zero-out the file itself, but there will always likely be some little cache or metadata file or saved application state that remains. Lion is a government three-letter-agency surveillance dream.

    On an SSD, there is absolutely no way to know how or where your file is physically written to the disc (because there is no disc geometry). Deleting a file doesn't really mean anything other than telling the SSD Firmware that a particular area in memory space can be occupied again, after the entire span of memory space has been occupied once. I don't think any one human really "knows" exactly what is going on inside an SSD--they are like magic black boxes with emulation software that fools a motherboard controller and operating system into thinking that they are real discs.
     
  19. hayesk macrumors 65816

    Joined:
    May 20, 2003
    #19
    Do you have information to back this up? What metadata files are you referring to (name them, please)? It is my understanding that when you secure erase a file in Lion, it securely erases all of the versions. Everything I've read says it does. Sorry I sound doubtful, but your post reads like FUD to me; I'd like to see some proof.
     
  20. iThinkergoiMac macrumors 68030

    Joined:
    Jan 20, 2010
    Location:
    Terra
    #20
    The descriptions under the slider tell you how many passes...

    This is true, though enabling full disk encryption via FileVault fixes this problem and secure delete once again becomes secure.
     
  21. mentaluproar macrumors 68000

    mentaluproar

    Joined:
    May 25, 2010
    Location:
    Ohio, USA
    #21
    I just use it to delete files that OSX thinks are in use.
     
  22. iHateMacs macrumors 6502a

    iHateMacs

    Joined:
    Aug 13, 2008
    Location:
    Coventry, UK
    #22
    So if it's possible for some top secret government department to recover data that was erased by a 7 pass algorithm, does that mean then the HDD is storing 7 bits per bit? How is this possible? You could then theoretically store 7 different mp3 files in the same physical space and then read all of them back?
     
  23. Lagmonster macrumors 6502

    Joined:
    Sep 22, 2007
    #23
    It goes back to the Gutmann paper. Given how dense drives are today it is unlikely anyone outside of three letter agencies has a shot beyond single pass wipes. Encase and FTK won't get it done, you are looking at outside the enclosure review. Try this for more info:

    commonscold.typepad.com/eddupdate/2008/04/the-multipass-e.html
     
  24. superstrikertwo macrumors 65816

    superstrikertwo

    Joined:
    Jun 9, 2008
    Location:
    California
    #24
    He says he's buying a new Mac. New Macs have 10.7 on them.

    Edit: Never mind you're referring to the article not the OP. My bad.
     
  25. thenightwatch macrumors newbie

    Joined:
    Sep 18, 2011
    #25
    govt and companies have super advanced tools

    In the late 90s I was offered an interview with Pixar as an IT staff member (would have worked with Steve Jobs!). Anyway, I got a serious wakeup call that day about software. At that time Pixar was selling RenderMan v3 to the public, while internally they were using RenderMan v9! What I eventually found out, and I'm sure most of you know this, but maybe not quite to the extent that it really exists - large companies and especially three letter federal government institutions are using hardware and software that are multiple generations ahead of what is available to the consumer.

    I don't care what encryption software you have and use. These people have something that will beat it. Not only that, I believe, IMO and to only some extent, that the fed works with corporations to build products that give them backdoors or features that help them recover data. I have no evidence. But I see what's going on around me and I ask myself what I would do if I were in one of the three letter agencies. I'm just thinking practically, not paranoid. The n - s - a exists for one reason only. (Man, I'd love to work there!)

    When I map myself with iOS6, and watch that circle close in on my pinpoint, I realize I must have a very very basic version of this tech, and I imagine what the govt must have.

    During WWII, the USA/UK won the war for many reasons but one of the most important was our ability to break Enigma codes. I think the USA learned its lesson then if not earlier, that it needs to stay way ahead of the public and world when it comes to encryption.

    The SSD secure erase is an interesting read. I think the best method would be to burn it in a steel melting furnace, then drop it in hydrochloric acid, then put what's left into a bucket of liquid nitrogen, then carefully remove and put it back into the melting furnace. That should do the trick don't you think?
     
