Re: Encrypting an External HDD

Fri, 17 Apr 2015 12:09:13 -0700 

I don't think it's quite this simple:

On 04/16/2015 06:56 PM, Celejar wrote:
> I don't think it's quite this simple:
> 1) OpenSSl thinks /dev/urandom is good enough for crypto:
> https://www.openssl.org/support/faq.html#USER1
> 2) Perl's Math::Random::Secure also thinks it's generally good enough:
> http://search.cpan.org/~mkanat/Math-Random-Secure-0.06/lib/Math/Random/Secure.pm#Making_Math::Random::Secure_Even_More_Secure 
> 3) Read these guys (don't know how correct they are):
> http://www.2uo.de/myths-about-urandom/
> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
It seems that nothing is simple in mathematics, computer science, or cryptography. ;-) 


I follow this advise for keys:

    2015-04-17 11:26:44 dpchrist@t2250 ~
    $ man random | grep -A 6 Usage
       Usage
           If  you  are  unsure  about  whether  you  should   use
           /dev/random  or /dev/urandom, then probably you want to
           use the latter.  As a general rule, /dev/urandom should
           be  used  for  everything except long-lived GPG/SSL/SSH
           keys.


Doing some quick benchmarking (see console session, below):
1. I use 'shred' when I want to fill a disk or partition with random numbers. It is ~1.7 orders of magnitude faster than /etc/urandom.
2. Perl's Math::Random::ISAAC::XS is only slightly faster than /dev/urandom. 


David



2015-04-17 11:50:24 dpchrist@t2250 ~
$ time dd if=/dev/urandom of=/dev/null bs=1M count=100 2>/dev/null

real    0m20.302s
user    0m0.000s
sys     0m20.285s



2015-04-17 11:52:31 dpchrist@t2250 ~
$ time shred -s 100M - > /dev/null
real    0m0.407s
user    0m0.380s
sys     0m0.020s

2015-04-17 11:52:39 dpchrist@t2250 ~
$ time shred -s 1000M - > /dev/null

real    0m5.377s
user    0m5.068s
sys     0m0.084s

2015-04-17 11:52:48 dpchrist@t2250 ~
$ time shred -s 10000M - > /dev/null

real    0m38.150s
user    0m37.554s
sys     0m0.552s



2015-04-17 12:02:00 dpchrist@t2250 ~
$ time perl -MMath::Random::ISAAC::XS -e '$r=Math::Random::ISAAC::XS->new(time);while(print $r->irand){}' | dd iflag=fullblock of=/dev/null bs=1M count=100 2>/dev/null 

real    0m18.277s
user    0m18.201s
sys     0m0.280s


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org 
Archive: https://lists.debian.org/55315a2f.2080...@holgerdanske.com

Reply via email to