From af5723c71e3efbfe60266162ebb5d07b45d72725 Mon Sep 17 00:00:00 2001 From: Pádraig Brady Date: Mon, 6 Apr 2009 08:42:15 +0100 Subject: shred,sort,shuf: don't use /dev/urandom by default Suggestion from Steven Schveighoffer at: http://savannah.gnu.org/patch/?6797 to greatly speed up the random passes done by shred. * gl/lib/randread.c: Default to using the internal pseudorandom generator, rather than reading /dev/urandom * src/shred.c (usage): remove mention of /dev/urandom * src/shuf.c (usage); ditto * src/sort.c (usage): ditto * doc/coreutils.text: Document the new behaviour for aquiring random data. --- NEWS | 7 +++++++ THANKS | 1 + doc/coreutils.texi | 22 +++++++++------------- gl/lib/randread.c | 24 +++++++----------------- src/shred.c | 2 +- src/shuf.c | 2 +- src/sort.c | 2 +- 7 files changed, 27 insertions(+), 33 deletions(-) diff --git a/NEWS b/NEWS index 7c507efa2..de1db4437 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,13 @@ GNU coreutils NEWS -*- outline -*- ls now aligns output correctly in the presence of abbreviated month names from the locale database that have differing widths. +** Changes in behavior + + shred, sort, shuf: now use an internal pseudorandom generator by default. + This is mainly noticable in shred where the 3 random passes it does by + default should proceed at the speed of the disk. Previously /dev/urandom + was used if available, which is relatively slow on GNU/Linux systems. + * Noteworthy changes in release 7.2 (2009-03-31) [stable] ** New features diff --git a/THANKS b/THANKS index 11f43ac68..6a918a429 100644 --- a/THANKS +++ b/THANKS @@ -525,6 +525,7 @@ Steve McIntyre steve@einval.com Steve Ward planet36@gmail.com Steven G. Johnson stevenj@alum.mit.edu Steven Mocking ufo@quicknet.nl +Steven Schveighoffer schveiguy@yahoo.com Steven P Watson steven@magelico.net Stuart Kemp skemp@peter.bmc.com Stuart Shelton stuart@shelton.me diff --git a/doc/coreutils.texi b/doc/coreutils.texi index c6e66d569..6840aff7c 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -1139,12 +1139,19 @@ sometimes need random data to do their work. For example, @samp{sort -R} must choose a hash function at random, and it needs random data to make this selection. -Normally these commands use the device file @file{/dev/urandom} as the +By default these commands use an internal pseudorandom generator +initialized by a small amount of entropy, but can be directed to use +an external source with the @option{--random-source=@var{file}} option. +An error is reported if @var{file} does not contain enough bytes. + +For example, the device file @file{/dev/urandom} could be used as the source of random data. Typically, this device gathers environmental noise from device drivers and other sources into an entropy pool, and uses the pool to generate random bits. If the pool is short of data, the device reuses the internal pool to produce more bits, using a -cryptographically secure pseudorandom number generator. +cryptographically secure pseudorandom number generator. But be aware +that this device is not designed for bulk random data generation +and is relatively slow. @file{/dev/urandom} suffices for most practical uses, but applications requiring high-value or long-term protection of private data may @@ -1152,21 +1159,10 @@ require an alternate data source like @file{/dev/random} or @file{/dev/arandom}. The set of available sources depends on your operating system. -To use such a source, specify the @option{--random-source=@var{file}} -option, e.g., @samp{shuf --random-source=/dev/random}. The contents -of @var{file} should be as random as possible. An error is reported -if @var{file} does not contain enough bytes to randomize the input -adequately. - To reproduce the results of an earlier invocation of a command, you can save some random data into a file and then use that file as the random source in earlier and later invocations of the command. -Some old-fashioned or stripped-down operating systems lack support for -@command{/dev/urandom}. On these systems commands like @command{shuf} -by default fall back on an internal pseudorandom generator initialized -by a small amount of entropy. - @node Target directory @section Target directory diff --git a/gl/lib/randread.c b/gl/lib/randread.c index b81a4510b..798d4e0a3 100644 --- a/gl/lib/randread.c +++ b/gl/lib/randread.c @@ -50,10 +50,6 @@ # define ALIGNED_POINTER(ptr, type) ((size_t) (ptr) % alignof (type) == 0) #endif -#ifndef DEFAULT_RANDOM_FILE -# define DEFAULT_RANDOM_FILE "/dev/urandom" -#endif - /* The maximum buffer size used for reads of random data. Using the value 2 * ISAAC_BYTES makes this the largest power of two that would not otherwise cause struct randread_source to grow. */ @@ -62,10 +58,8 @@ /* A source of random data for generating random buffers. */ struct randread_source { - /* Stream to read random bytes from. If null, the behavior is - undefined; the current implementation uses ISAAC in this case, - but this is for old-fashioned implementations that lack - /dev/urandom and callers should not rely on this. */ + /* Stream to read random bytes from. If null, the current + implementation uses an internal PRNG (ISAAC). */ FILE *source; /* Function to call, and its argument, if there is an input error or @@ -147,18 +141,14 @@ randread_new (char const *name, size_t bytes_bound) return simple_new (NULL, NULL); else { - char const *file_name = (name ? name : DEFAULT_RANDOM_FILE); - FILE *source = fopen_safer (file_name, "rb"); + FILE *source = NULL; struct randread_source *s; - if (! source) - { - if (name) - return NULL; - file_name = NULL; - } + if (name) + if (! (source = fopen_safer (name, "rb"))) + return NULL; - s = simple_new (source, file_name); + s = simple_new (source, name); if (source) setvbuf (source, s->buf.c, _IOFBF, MIN (sizeof s->buf.c, bytes_bound)); diff --git a/src/shred.c b/src/shred.c index 4b2b8e92f..cf40bdc4c 100644 --- a/src/shred.c +++ b/src/shred.c @@ -167,7 +167,7 @@ Mandatory arguments to long options are mandatory for short options too.\n\ printf (_("\ -f, --force change permissions to allow writing if necessary\n\ -n, --iterations=N overwrite N times instead of the default (%d)\n\ - --random-source=FILE get random bytes from FILE (default /dev/urandom)\n\ + --random-source=FILE get random bytes from FILE\n\ -s, --size=N shred this many bytes (suffixes like K, M, G accepted)\n\ "), DEFAULT_PASSES); fputs (_("\ diff --git a/src/shuf.c b/src/shuf.c index 977eedc0a..b221d0338 100644 --- a/src/shuf.c +++ b/src/shuf.c @@ -62,7 +62,7 @@ Mandatory arguments to long options are mandatory for short options too.\n\ -i, --input-range=LO-HI treat each number LO through HI as an input line\n\ -n, --head-count=COUNT output at most COUNT lines\n\ -o, --output=FILE write result to FILE instead of standard output\n\ - --random-source=FILE get random bytes from FILE (default /dev/urandom)\n\ + --random-source=FILE get random bytes from FILE\n\ -z, --zero-terminated end lines with 0 byte, not newline\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); diff --git a/src/sort.c b/src/sort.c index 5b63a25bb..2e6ce877d 100644 --- a/src/sort.c +++ b/src/sort.c @@ -339,7 +339,7 @@ Ordering options:\n\ fputs (_("\ -n, --numeric-sort compare according to string numerical value\n\ -R, --random-sort sort by random hash of keys\n\ - --random-source=FILE get random bytes from FILE (default /dev/urandom)\n\ + --random-source=FILE get random bytes from FILE\n\ -r, --reverse reverse the result of comparisons\n\ "), stdout); fputs (_("\ -- cgit v1.2.3-54-g00ecf