Securely deleting a file in C#.NET

无人及你 2021-02-10 01:29

In a project I am doing I want to give users the option of 'securely' deleting a file - as in, overwriting it with random bits or 0's. Is there an easy-ish way of doing this?

5 Answers
  •  时光说笑
    2021-02-10 01:35

    It wouldn't be secure at all. Instead you may wish to look at alternative solutions like encryption.

    One solution would be to encrypt the contents of the data file. A new key would be used each time the file is updated. When you want to "securely delete" the data, simply "lose" the encryption key and delete the file. The file will still be on the disk physically, but without the encryption key recovery would be impossible.

    Here is a more detailed explanation as to why "secure" overwrites of files are poor security:

    Without a low level tool (outside of .net runtime) you have no access to the physical disk location. Take a filestream on NTFS, when you "open a file for write access" you have no guarantee that the "updated" copy (in this case random 101010 version) will be stored in the same place (thus overwriting the original file). In fact most of the time this is what happens:

    1) File x.dat is stored starting at cluster 8493489

    2) You open file x.dat for write access. What is returned to you by the OS is merely a pointer to the file stream abstracted by not just the OS but the underlying file system and device drivers (hardware RAID for example) and sometimes the physical disk itself (SSD). You update the contents of the file with random 1 & 0s and close the filestream.

    3) The OS likely may (and likely will) write the new file to another cluster (say cluster 4384939). It will then merely update the MFT indicating file x is now stored at 4384939.

    To the end user it looks like only one copy of the file exists and it now has random data in it; however, the original data still exists on the disk.

    Instead you should consider encrypting the contents of the file with a different key each time the file is saved. When the user wants the file "deleted", delete the key and file. The physical file may remain, but without the encryption key recovery would be impossible.
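
The encrypt-and-discard-the-key approach described in this answer, as an added example that is not part of the original answer. It assumes .NET 8 or later (for the `AesGcm` constructor that takes a tag size); the `ShreddableFile` class and its nonce | tag | ciphertext file layout are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Usage with constructed sample data: save, read back, then shred.
byte[] key = ShreddableFile.Save("x.dat", Encoding.UTF8.GetBytes("constructed sample"));
Console.WriteLine(Encoding.UTF8.GetString(ShreddableFile.Load("x.dat", key)));
ShreddableFile.Shred("x.dat", key);

// Hypothetical helper (not from the answer); file layout is nonce | tag | ciphertext.
public static class ShreddableFile
{
    const int NonceSize = 12, TagSize = 16, KeySize = 32;

    // Encrypts data under a fresh random AES-256 key on every save and returns that key.
    // Assumption: the caller keeps the key somewhere it can really be destroyed
    // (process memory, an OS key store, an HSM), not in a plain file beside the data.
    public static byte[] Save(string path, byte[] data)
    {
        byte[] key = RandomNumberGenerator.GetBytes(KeySize);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] cipher = new byte[data.Length];
        using (var aes = new AesGcm(key, TagSize))
            aes.Encrypt(nonce, data, cipher, tag);
        using var fs = new FileStream(path, FileMode.Create, FileAccess.Write);
        fs.Write(nonce); fs.Write(tag); fs.Write(cipher);
        return key;
    }

    // Reads the file back; Decrypt throws if the key is wrong or the file was modified.
    public static byte[] Load(string path, byte[] key)
    {
        byte[] blob = File.ReadAllBytes(path);
        if (blob.Length < NonceSize + TagSize) throw new InvalidDataException("file too short");
        byte[] nonce = blob[..NonceSize];
        byte[] tag = blob[NonceSize..(NonceSize + TagSize)];
        byte[] cipher = blob[(NonceSize + TagSize)..];
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, cipher, tag, plain);
        return plain;
    }

    // "Secure delete": zero this copy of the key, then delete the file. Ciphertext
    // left in old clusters stays unreadable as long as no other copy of the key exists.
    public static void Shred(string path, byte[] key)
    {
        CryptographicOperations.ZeroMemory(key);
        File.Delete(path);
    }
}
```

Because each save uses a new key, the key from the previous save has to be destroyed as well, or the older ciphertext left on disk remains recoverable. If the key is persisted anywhere, that store needs its own reliable erase, since a key written to an ordinary file has the same relocation problem the answer describes.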
