Is there an alternative to /dev/urandom?
Is there some faster way than /dev/[u]random? Sometimes, I need to do things like
cat /dev/urandom > /dev/sdb
The random devices are "too" secure and unfortunately too slow for that. I know that there are wipe and similar tools for secure deletion, but I suppose there are also some on-board means to do that in Linux.
Solution 1:
If you're looking to do a "secure" erase of a hard drive (or file), you ought to look at the shred utility.
As the previous posters point out, the /dev/*random devices are meant to be used as a source of small chunks of random data.
Solution 2:
Unfortunately Linux has a bad implementation of urandom. You could use aes256-ctr with a random key and get several hundred megabytes of pseudo-randomness per second, if your CPU supports AES-NI (hardware acceleration). I am looking forward to urandom switching to a modern approach as well.
openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
This puppy does 1.0 GB/s on my box (compared to 14 MB/s of /dev/urandom). It uses urandom only to create a random password and then does very fast encryption of /dev/zero using that key. This should be a cryptographically secure PRNG but I won't make guarantees.
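The same construction as an added example (not part of the answer above): the key and IV are passed as raw hex with -K and -iv instead of being derived from a password, and the zero input is length-limited so exactly the requested number of bytes comes out. The function names and the output file random.bin are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the answerer's code. Function names are hypothetical.

# rand_hex N: read N bytes from the kernel CSPRNG, print them as hex.
# od -v stops od from collapsing repeated lines into "*".
rand_hex() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# keystream KEYHEX IVHEX NBYTES: AES-256-CTR over NBYTES of zeros.
# CTR XORs the keystream with the input, so encrypting zeros yields the
# raw keystream, and output length always equals input length.
keystream() {
    head -c "$3" /dev/zero | openssl enc -aes-256-ctr -K "$1" -iv "$2"
}

# fast_random NBYTES: fresh 256-bit key and 128-bit IV on every call.
# All unpredictability comes from those 48 bytes of /dev/urandom output;
# the same key and IV would reproduce the same stream.
fast_random() {
    keystream "$(rand_hex 32)" "$(rand_hex 16)" "$1"
}

# Demo: sh thisfile --demo writes 64 MiB to a regular file.
if [ "${1:-}" = "--demo" ]; then
    fast_random 67108864 > random.bin
    ls -l random.bin
fi
```

While openssl runs, the key is visible in its argument list to anyone who can list processes on the host, which also applies to the -pass pass: form.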
Solution 3:
In a quick test under Ubuntu 8.04 on a Thinkpad T60p with T2500 CPU, 1GB of random data from openssl rand was 3-4X faster than /dev/urandom. That is,
time cat /dev/urandom | head -c 1000000000 > /dev/null
...was around 4 minutes while...
time openssl rand 1000000000 | head -c 1000000000 > /dev/null
...was just over 1 minute.
Unsure if there's a difference in random-quality, but either is probably fine for HD-wiping.