Secure Erase Scraps of info.
I realise that this request (secure erase) is beyond the scope of 1Password currently. If I need to securely erase info then what do I use? I previously used Heidi Eraser but I haven't looked at it lately.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I realise that this request (secure erase) is beyond the scope of 1Password currently. If I need to securely erase info then what do I use?
@wkleem: The scope depends on what exactly you're trying to erase securely. If you're talking about 1Password securely deleting data separate from your vault, then yes this isn't something that 1Password is designed to do.
But when it comes to your 1Password data, it's encrypted, so when you Trash an item or empty the trash the data isn't moved "outside" of 1Password in an unencrypted form. The exception to the encrypted data rule is attachments, as these need to be decrypted in order to allow them to be opened in another app. More specifically, they are decrypted and stored by the OS as temporary files.
Now, when it comes to securely deleting data, this varies from platform to platform. In the case of OS X, this is pretty straightforward, as you can simply Trash the file(s) and use Finder > Secure Empty Trash to have the OS both delete and zero out the data. Now, I can't find specifics on the exact process that is used here, besides this:
But there are 3rd party apps for this purpose as well. The major caveat is that it is not possible to reliably target a particular "location" on an SSD to try to overwrite it, so it may be possible to recover the data in that case. However, if you're using FileVault2 on OS X (
Do it!) this is largely irrelevant, as all data written to the disk was encrypted in the first place.Similarly, Windows has BitLocker which, although there are some concerns about ways it might be circumvented, also provides whole disk encryption. And there are also a number of apps for Windows which will overwrite freespace with random data to prevent recovery.
So while this isn't something that 1Password itself can help with directly, there are a lot of options out there — especially given the current climate concerning privacy and security. :)
0 -
-
@brenty Thanks for the info. There are reasons not to use FileVault on OS X. Drive repair utilities like the excellent Disk Warrior and Drive Genius couldn't read the disks in its encrypted state. I don't use BitLocker as it is a whole disk encryption. I wish Agilebits would release a Knox for Windows. I'll certainly look into that!
@RichardPayne I did find CLI utilities from Microsoft that would do the trick: sdelete from Mark Russovich's Sysinternals. Also, there is a cipher command line encryption utility built into Windows 7 that I wasn't aware of.
Thanks for your comments.
0 -
I wish Agilebits would release a Knox for Windows. I'll certainly look into that!
@wkleem: While I can't say we have plans to do this (after all, the technologies that Knox uses on OS X do not exist on Windows) it's certainly something we can consider in the future.
In my opinion, Mark Russinovich does some great work (both from a technological and literary perspective), and in the past he's also been forthcoming when it comes to the inner workings of the utilities he releases — which isn't something that can always be said about others, usually due to lack of documentation. I'm not personally familiar with similar utilities for OS X since I'm happy to use Secure Empty Trash there.
0 -
@brenty, Apologies to Mark Russinovich for misspelling his name!
@wkleem: I lol'd, because of course I had to check the spelling myself! :lol:
He did some fantastic sleuthing when Sony inserted rootkit into the CDs for copy protection and then botched the solution which made users more vulnerable.
Indeed. I'm a fan. :)
0
