Is there an alternative to /dev/urandom?

Is there some faster way than /dev/[u]random? Sometimes, I need to do things like

cat /dev/urandom > /dev/sdb

The random devices are "too" secure and unfortunately too slow for that. I know that there are wipe and similar tools for secure deletion, but I suppose there are also some on-board means to that in Linux.


Solution 1:

If you're looking to do a "secure" erase of a hard drive (or file), you ought to look at the shred utility.

As the previous posters point out, the /dev/*random devices are meant to be used as a source of small chunks of random data.

Solution 2:

Unfortunately, Linux has a bad implementation of urandom. You could use aes256-ctr with a random key and get several hundred megabytes of pseudo-randomness per second, if your CPU supports AES-NI (hardware acceleration). I am looking forward to urandom switching to a modern approach as well.

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin

This puppy does 1.0 GB/s on my box (compared to 14 MB/s of /dev/urandom). It uses urandom only to create a random password and then does very fast encryption of /dev/zero using that key. This should be a cryptographically secure PRNG but I won't make guarantees.
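Added example, not part of the original answer: the same AES-256-CTR keystream idea as reusable shell functions that pass a raw key and IV with -K/-iv instead of a password, so no password-based key derivation is involved. The function names rand_hex, fast_random and overwrite_file are hypothetical, and the sketch assumes openssl, od, head and dd are installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the answer above.

# Print $1 bytes from the kernel CSPRNG as lowercase hex (no separators).
rand_hex() {
    od -An -v -tx1 -N "$1" /dev/urandom | tr -d ' \n'
}

# Write exactly $1 pseudo-random bytes to stdout.
# /dev/urandom is read only for 48 bytes of seed material (256-bit key,
# 128-bit IV); the bulk output is the AES-256-CTR keystream.
fast_random() {
    count=$1
    key=$(rand_hex 32)
    iv=$(rand_hex 16)
    # CTR mode is a stream cipher without padding, so encrypting $count
    # zero bytes yields exactly $count bytes of keystream.
    # Note: the key is visible in the process argument list while openssl
    # runs. That is acceptable for throwaway wipe data, not for a key
    # that has to stay secret.
    head -c "$count" /dev/zero |
        openssl enc -aes-256-ctr -K "$key" -iv "$iv"
}

# Overwrite an existing regular file in place with pseudo-random bytes,
# keeping its length (conv=notrunc stops dd from truncating the target).
overwrite_file() {
    target=$1
    size=$(($(wc -c <"$target"))) || return 1
    fast_random "$size" | dd of="$target" bs=65536 conv=notrunc 2>/dev/null
}
```

Each call draws a fresh key and IV, so two invocations never repeat the same stream.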

Solution 3:

In a quick test under Ubuntu 8.04 on a Thinkpad T60p with T2500 CPU, 1GB of random data from openssl rand was 3-4X faster than /dev/urandom. That is,

time cat /dev/urandom | head -c 1000000000 > /dev/null

...was around 4 minutes while...

time openssl rand 1000000000 | head -c 1000000000 > /dev/null

...was just over 1 minute.

Unsure if there's a difference in random-quality, but either is probably fine for HD-wiping.