WIPE(1)							  WIPE(1)

NAME
       wipe - secure file deletion utility

SYNOPSIS
       wipe

       [-ucwsiIhfFdDnNvVzZrRtTkKA]     [-B(count)]     [-S(size)]
       [-C(size)] [-l[0-3]] [-x[1-32] -X] [-p(1-32)]  [-b(0-255)]
       [files]


DEFAULT
       wipe -ZdntVAk -S512 -C4096 -l1 -x4 -p1


DESCRIPTION
       Wipe  is	 a secure file wiping utility. There are some low
       level issues that must be taken into consideration. One of
       these  is  that	there  must be some sort of write barrier
       between passes. Wipe uses fdatasync(2) (or fsync(2)) as	a
       write barrier, or if fsync(2) isn't available, the file is
       opened with the O_DSYNC or O_SYNC flag.	For  wipe  to  be
       effective, each pass must be completely written. To ensure
       this, the drive must support some form of a write barrier,
       write cache flush, or write cache disabling. SCSI supports
       ordered command tags, has a force  media	 access	 bit  for
       commands,  and  write cache can be disable on mode page 8.
       IDE/ATA drives support write cache flushes and write cache
       disabling.  Unfortunetly,  not all drives actually disable
       write cache when asked to. Those drives are broken.  Write
       caching	should	always be disabled, unless your system is
       battery backed and always powers down cleanly

       Under linux, the mount option "mand"  must  be  used  (see
       linux/Documentation/mandatory.txt)   for	  mandatory  file
       locks to be enabled. Wipe should make it extremely  diffi-
       cult  for all but the most determined person(s) to recover
       the original plaintext data. Utilities such as PGP and the
       GNU  Privacy  Guard provide strong encryption, but encryp-
       tion is useless if the original plaintext  can  be  recov-
       ered.  When  using  PGP	and GPG, temporary files that are
       disk-backed should be stored on an encrypted file  system.
       That  way,  the plaintext never hits the platters. Wipe is
       designed for situations where  an  encrypted  file  system
       isn't practical.

       Wipe uses /dev/urandom, or if unavailable, /dev/random, as
       a source for entropy. The Mersenne Twister  PRNG	 is  used
       for speed. The MT site is at:

       http://www.math.keio.ac.jp/~matumoto/emt.html

       For  more  information  on the secure deletion of magnetic
       media and solid state storage devices (such as  DRAM)  see
       the USENIX article by Peter Gutmann at:

       http://www.cs.auckland.ac.nz/~pgut001/secure_del.html


OPTIONS
       -h     Display  help  screen.  Shows options and what they
	      do.

       -u     usage - shows options

       -c     shows copywrite information

       -w     shows warranty

       -i     interactive - prompt whether to  remove  each  file
	      explicitly checks file permissions

       -I     disables interaction

       -f     forces  file wiping and suppresses permission warn-
	      ings

       -r or -R
	      recursion - traverse subdirectories

       -s     silent - disable percent reporting and  some  warn-
	      ings

       -V     verbose  - shows percentage if file size is above a
	      certain limit (see wipe -h)

       -v     force verbose - always show percentage

       -d and -D
	      delete (-d) or keep (-D) after wiping

       -n and -N
	      delete (-n) or skip (-N) fifos, sockets, sym links,
	      and char devices

       -k and -K
	      lock (-k) or don't lock (-K) files during wiping

       -z     zero-out file - performs a single pass of zeros

       -Z     perform normal passes - overrides -z

       -t and -T
	      enable (-t) or disable (-T) static passes

       -a and -A
	      write until out of space (-a) or don't (-A)

       -B     override block device sector count

       -S     override block device sector size

       -C     chunk size - the maximum file buffer size

       -l     sets generic security level

	      level 0, the PRNG is only seeded once

	      level 1, the PRNG is seeded once per file

	      level 2, the PRNG is seeded once per random pass

       -x     enables random passes and optionally, how many ran-
	      dom passes to perform - note that the random passes
	      are  run	twice, once before the static passes, and
	      once after

       -X     disable random passes

       -p     loop  passes  -  perform	wipe  sequence	x  times,
	      including random passes

       -b     custom byte - overwrite once with a specific byte


FILES
       /dev/urandom
	      Wipe  uses  this	character  device for a source of
	      entropy

       /dev/random
	      Wipe falls back to using this  if	 /dev/urandom  is
	      not available


DIAGNOSTICS
       If an error occurs, the exit code will be the errno value.
       An exit code of 2 indicates bad usage.


BUGS
       Wipe does not work on log structured file systems, or  any
       other type of file system or block device that reallocates
       sectors on write.

       Some programs are vulnerable to symlink	races.	To  avoid
       this  problem  with  wipe,  only wipe files in directories
       that are not writable by untrusted users.


NOTES
       Other file wiping utilities

       There are several other file wipers available.

       Another	"wipe"	 by   Berke   Durak   <durakb@crit2.univ-
       montp2.fr> is available at

       http://altern.org/berke/wipe/

       Colin Plumb's <colin@nyx.net> sterilize.

       Todd  Burgess's	<tburgess@eddie.cis.uoguelph.ca>  srm  is
       available on sunsite/metalab in

       ftp://metalab.unc.edu/pub/Linux/system/filesystems/


AUTHOR
       Copyright (C) 1998-2001 by Tom Vier  <nester@users.source-
       forge.net>


AVAILABILITY
       http://wipe.sourceforge.net/


SEE ALSO
       /usr/doc/wipe/README

