Using `shred` from the command line
Solution 1:
port install coreutils
adds a g prefix to the names of binaries, so shred is /opt/local/bin/gshred
.
Solution 2:
OSX has a built in command srm
to securely remove files. See https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/srm.1.html. You can also use rm -P
to overwrite the files with sequences of bytes three times.
With sierra or later, macOS no longer includes srm. But users can install it with homebrew:
brew install homebrew/dupes/srm && brew link --force homebrew/dupes/srm
Solution 3:
@user495470's answer is correct for the question posed. The problem is neither srm
or shred
really make sense for modern systems.
This is mostly due to SSDs. Unlike magnetic disks, modern TRIM-enabled disks automatically clear deleted data in the background.
SSD's also perform wear leveling. This makes attempts to "over-write" a file both futile (you'll be writting to a different physical location) and undesirable (it needlessly contributes to disk wear).
All Macs that come with an SSDs have TRIM enabled.
The other problem the file system, specifically journaled file systems, which can keep a copy of data elsewhere before it's written out.
Even on magnetic media this can cause problems for both srm
:
All users [..] should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will NOT work on [..] the vast majority of journaled file systems.
And shred
:
[..] shred relies on a very important assumption: that the file system overwrites data in place. [..] many modern file system designs do not satisfy this assumption. Exceptions include: Log-structured or journaled file systems [..]
HFS Plus volumes are journaled by default since Mac OS X v10.3.
These days, the best way to securely "deleted" files is to enable FileVault (so they're never write disk unencrypted in the first place) then just delete them and let TRIM sort it out.
If, by stroke of misfortune, you're on a magnetic medium, have journalling disabled and, for some reason, can't encrypt the disk, you're options are:
- Use
rm -P
which overwrites files with0xff
, then0x00
, and then0xff
again - Install
coreutils
forgshred
(ie.brew install coreutils && gshred secrets.txt
) -
srm
has been removed fromhomebrew-dupes
andhomebrew-core
but someone's published a tap here that works (ie.brew install khell/homebrew-srm/srm && srm secrets.txt
) - Physical destruction of the medium :)