From: Paul Eggert <eggert@cs.ucla.edu>
To: emacs-devel@gnu.org
Subject: Re: New function: secure-random-bytes
Date: Fri, 24 Jun 2011 10:33:47 -0700 [thread overview]
Message-ID: <4E04CA7B.2020101@cs.ucla.edu> (raw)
In-Reply-To: <87liwrh7r2.fsf@lifelogs.com>
On 06/24/11 02:57, Ted Zlatanov wrote:
> Do you think you could you provide three functions,
> `secure-random-bytes-{urandom,gnutls,openssl}' instead of three versions
> with the same name?
I dunno, I kind of like the simpler interface.
It's better to have the notion of a random-source,
independent of the notion of generating random bytes from it.
Whether that source should be represenated by an atom or
by something else is a different matter.
> I'm not sure what the auto priority should be. Are the GnuTLS/OpenSSL
> functions better than /dev/urandom? They are certainly slower.
If they're slower than /dev/urandom, they must be pretty slow.
I suggest using ISAAC-64, which is what coreutils' random-bytes
generators use by default. (Coreutils originally defaulted to
/dev/urandom, but users complained because that was too slow.)
On my list of things to do is to gnulib-ize the coreutils
ISAAC-64 and random-bytes generators, and I can do that if
there's interest.
Here's one benchmark of the performance difference, run on
Fedora 14 x86-64. The benchmark creates 1 GB of random data
and outputs it to /dev/null. With ISAAC-64, it takes 0.48
seconds real-time. With /dev/urandom, it takes 146 seconds
real-time. So ISAAC-64 is about 300x faster.
$ time shred -v -n1 -s 1GB /dev/null
shred: /dev/null: pass 1/1 (random)...
real 0m0.476s
user 0m0.397s
sys 0m0.072s
$ time shred -v -n1 -s 1GB --random-source=/dev/urandom /dev/null
shred: /dev/null: pass 1/1 (random)...
shred: /dev/null: pass 1/1 (random)...32MiB/954MiB 3%
shred: /dev/null: pass 1/1 (random)...63MiB/954MiB 6%
...
shred: /dev/null: pass 1/1 (random)...954MiB/954MiB 100%
real 2m25.969s
user 0m0.013s
sys 2m24.189s
next prev parent reply other threads:[~2011-06-24 17:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-24 7:50 New function: secure-random-bytes Leo
2011-06-24 9:57 ` Ted Zlatanov
2011-06-24 17:33 ` Paul Eggert [this message]
2011-06-25 7:26 ` Leo
2011-06-27 16:10 ` Ted Zlatanov
2013-03-18 10:26 ` Leo Liu
2013-03-18 16:48 ` Paul Eggert
2013-03-18 21:07 ` Romain Francoise
2019-05-15 12:09 ` Julian Scheid
2019-05-16 17:34 ` Paul Eggert
2011-06-24 13:33 ` James Cloos
2011-06-25 7:27 ` Leo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E04CA7B.2020101@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).