Diffstat (limited to 'system/srm/README')
-rw-r--r-- system/srm/README 23
1 files changed, 12 insertions, 11 deletions
diff --git a/system/srm/README b/system/srm/README
index d231d5aafa..a2c86552ed 100644
--- a/system/srm/README
+++ b/system/srm/README
@@ -1,14 +1,15 @@
srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites
the data in the target files before unlinking them. This prevents command-line
-recovery of the data by examining the raw block device. It may also help
-frustrate physical examination of the disk, although it's unlikely that it can
-completely prevent that type of recovery. It is, essentially, a paper shredder
-for sensitive files.
+recovery of the data by examining the raw block device. It may also help to
+frustrate a physical examination of the disk, although it's unlikely that it can
+completely protect against this type of recovery.
-srm is ideal for personal computers or workstations with Internet connections.
-It can help prevent malicious users from breaking in and undeleting personal
-files, such as old emails. It's also useful for permanently removing files
-from expensive media. For example, cleaning your diary off the zip disk you're
-using to send vacation pictures to Uncle Lou. Because it uses the exact same
-options as rm(1), srm is simple to use. Just subsitute it for rm whenever you
-want to destroy files, rather than just unlinking them.
+srm uses algorithms found in "Secure Deletion of Data from Magnetic and Solid-
+State Memory" by Peter Gutmann and THC Secure Delete (the overwrite, truncate,
+rename, unlink sequence).
+
+Please note that srm will only work on file systems that overwrite blocks in
+place. In particular, it will *NOT* work on reiserfs or the vast majority of
+journaled file systems. It should work on ext2, FAT-based file systems, and
+the BSD native file system. On ext3, srm will try to disable the journaling
+of data (please see the verbose output if this fails).
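Review bot: the ext3 sentence at the end of the added paragraph reports a failed attempt to disable data journaling only through verbose output, so someone running srm without it gets no sign that the overwrite may not have reached the on-disk blocks. The README should state what srm does with the file when that step fails and how verbose output is enabled. Two smaller points: the paper title is split as "Solid-" / "State Memory" across two added lines, which will read "Solid- State" if the text is re-wrapped, so keep "Solid-State" on one line; and the removed sentence saying srm takes the same options as rm(1) was the only usage hint in the visible text and is worth keeping in some form.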