From af5723c71e3efbfe60266162ebb5d07b45d72725 Mon Sep 17 00:00:00 2001 From: Pádraig Brady Date: Mon, 6 Apr 2009 08:42:15 +0100 Subject: shred,sort,shuf: don't use /dev/urandom by default Suggestion from Steven Schveighoffer at: http://savannah.gnu.org/patch/?6797 to greatly speed up the random passes done by shred. * gl/lib/randread.c: Default to using the internal pseudorandom generator, rather than reading /dev/urandom * src/shred.c (usage): remove mention of /dev/urandom * src/shuf.c (usage); ditto * src/sort.c (usage): ditto * doc/coreutils.text: Document the new behaviour for aquiring random data. --- doc/coreutils.texi | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'doc') diff --git a/doc/coreutils.texi b/doc/coreutils.texi index c6e66d569..6840aff7c 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -1139,12 +1139,19 @@ sometimes need random data to do their work. For example, @samp{sort -R} must choose a hash function at random, and it needs random data to make this selection. -Normally these commands use the device file @file{/dev/urandom} as the +By default these commands use an internal pseudorandom generator +initialized by a small amount of entropy, but can be directed to use +an external source with the @option{--random-source=@var{file}} option. +An error is reported if @var{file} does not contain enough bytes. + +For example, the device file @file{/dev/urandom} could be used as the source of random data. Typically, this device gathers environmental noise from device drivers and other sources into an entropy pool, and uses the pool to generate random bits. If the pool is short of data, the device reuses the internal pool to produce more bits, using a -cryptographically secure pseudorandom number generator. +cryptographically secure pseudorandom number generator. But be aware +that this device is not designed for bulk random data generation +and is relatively slow. @file{/dev/urandom} suffices for most practical uses, but applications requiring high-value or long-term protection of private data may @@ -1152,21 +1159,10 @@ require an alternate data source like @file{/dev/random} or @file{/dev/arandom}. The set of available sources depends on your operating system. -To use such a source, specify the @option{--random-source=@var{file}} -option, e.g., @samp{shuf --random-source=/dev/random}. The contents -of @var{file} should be as random as possible. An error is reported -if @var{file} does not contain enough bytes to randomize the input -adequately. - To reproduce the results of an earlier invocation of a command, you can save some random data into a file and then use that file as the random source in earlier and later invocations of the command. -Some old-fashioned or stripped-down operating systems lack support for -@command{/dev/urandom}. On these systems commands like @command{shuf} -by default fall back on an internal pseudorandom generator initialized -by a small amount of entropy. - @node Target directory @section Target directory -- cgit v1.2.3-70-g09d2