From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.devel Subject: Re: New function: secure-random-bytes Date: Fri, 24 Jun 2011 10:33:47 -0700 Organization: UCLA Computer Science Department Message-ID: <4E04CA7B.2020101@cs.ucla.edu> References: <87liwrh7r2.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1308938476 19722 80.91.229.12 (24 Jun 2011 18:01:16 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Fri, 24 Jun 2011 18:01:16 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Jun 24 20:01:11 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QaAgo-0005dd-7l for ged-emacs-devel@m.gmane.org; Fri, 24 Jun 2011 20:01:10 +0200 Original-Received: from localhost ([::1]:58939 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QaAgn-000621-11 for ged-emacs-devel@m.gmane.org; Fri, 24 Jun 2011 14:01:09 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:35046) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QaAGb-0006mM-TV for emacs-devel@gnu.org; Fri, 24 Jun 2011 13:34:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QaAGa-0007v4-1S for emacs-devel@gnu.org; Fri, 24 Jun 2011 13:34:05 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:37830) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QaAGZ-0007rT-Ew for emacs-devel@gnu.org; Fri, 24 Jun 2011 13:34:03 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 64E8C39E810A for ; Fri, 24 Jun 2011 10:33:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SwxiLC7cP7D for ; Fri, 24 Jun 2011 10:33:53 -0700 (PDT) Original-Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id C293339E8100 for ; Fri, 24 Jun 2011 10:33:53 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Thunderbird/3.1.10 In-Reply-To: <87liwrh7r2.fsf@lifelogs.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 131.179.128.62 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:140946 Archived-At: On 06/24/11 02:57, Ted Zlatanov wrote: > Do you think you could you provide three functions, > `secure-random-bytes-{urandom,gnutls,openssl}' instead of three versions > with the same name? I dunno, I kind of like the simpler interface. It's better to have the notion of a random-source, independent of the notion of generating random bytes from it. Whether that source should be represenated by an atom or by something else is a different matter. > I'm not sure what the auto priority should be. Are the GnuTLS/OpenSSL > functions better than /dev/urandom? They are certainly slower. If they're slower than /dev/urandom, they must be pretty slow. I suggest using ISAAC-64, which is what coreutils' random-bytes generators use by default. (Coreutils originally defaulted to /dev/urandom, but users complained because that was too slow.) On my list of things to do is to gnulib-ize the coreutils ISAAC-64 and random-bytes generators, and I can do that if there's interest. Here's one benchmark of the performance difference, run on Fedora 14 x86-64. The benchmark creates 1 GB of random data and outputs it to /dev/null. With ISAAC-64, it takes 0.48 seconds real-time. With /dev/urandom, it takes 146 seconds real-time. So ISAAC-64 is about 300x faster. $ time shred -v -n1 -s 1GB /dev/null shred: /dev/null: pass 1/1 (random)... real 0m0.476s user 0m0.397s sys 0m0.072s $ time shred -v -n1 -s 1GB --random-source=/dev/urandom /dev/null shred: /dev/null: pass 1/1 (random)... shred: /dev/null: pass 1/1 (random)...32MiB/954MiB 3% shred: /dev/null: pass 1/1 (random)...63MiB/954MiB 6% ... shred: /dev/null: pass 1/1 (random)...954MiB/954MiB 100% real 2m25.969s user 0m0.013s sys 2m24.189s