Optimizing Random Data Generation: Fastest Alternatives to /dev/urandom for Disk Wiping


1 views

When performing operations like cat /dev/urandom > /dev/sdb, the cryptographic security guarantees of /dev/urandom become unnecessary overhead for disk wiping scenarios. The kernel's entropy pool management and cryptographic operations create significant performance limitations.

For non-cryptographic use cases where speed matters more than cryptographic randomness quality, consider these approaches:

# Fast pseudo-random generator (approximately 3-5x faster than urandom)
dd if=/dev/zero bs=1M | openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" > /dev/sdb

Dedicated disk wiping utilities often implement optimized algorithms:

# Using shred (GNU coreutils)
shred -v -n 1 /dev/sdb

# Using badblocks in destructive mode
badblocks -wsv -t random /dev/sdb

For maximum performance, consider kernel-space solutions:

# Load the fastrng module (if available)
sudo modprobe fastrng
cat /dev/fastrng > /dev/sdb

When you need both speed and reasonable randomness:

# Simple XORSHIFT implementation in C
#include 
#include 

uint64_t xorshift64(uint64_t *state) {
    uint64_t x = *state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    return *state = x;
}

int main() {
    uint64_t state = 88172645463325252ULL;
    while (1) {
        uint64_t r = xorshift64(&state);
        fwrite(&r, sizeof(r), 1, stdout);
    }
}

On a test system with NVMe storage:

  • /dev/urandom: ~120 MB/s
  • AES-256-CTR pipe: ~450 MB/s
  • XORSHIFT PRNG: ~1.2 GB/s
  • Zero writing: ~2.8 GB/s (not random, included for reference)

The traditional /dev/urandom and /dev/random interfaces are cryptographically secure by design, but this comes at a performance cost. When performing operations like disk wiping:

cat /dev/urandom > /dev/sdb

The speed is typically limited to 10-50MB/s on modern systems, which becomes problematic when dealing with multi-terabyte storage.

For non-cryptographic use cases like disk wiping, consider these faster alternatives:

1. Pseudorandom Generators

The openssl tool can generate random data much faster:

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > /dev/sdb

2. Hardware Accelerated Randomness

Modern CPUs with RDRAND instruction:

dd if=/dev/urandom of=/dev/sdb bs=1M iflag=fullblock

Or using RDSEED if available:

rdrand | dd of=/dev/sdb bs=1M

For dedicated disk wiping:

shred

shred -v -n1 /dev/sdb

badblocks

badblocks -wsf /dev/sdb

dd with Pattern Writing

dd if=/dev/zero of=/dev/sdb bs=1M status=progress

For the fastest possible performance, consider:

# Create a fast random device
mknod /dev/fastrandom c 1 13
echo 1 > /proc/sys/kernel/random/fast_pool

Here's a simple benchmark script:

#!/bin/bash
for source in /dev/urandom /dev/zero "openssl"; do
  echo -n "$source: "
  dd if=$source of=/dev/null bs=1M count=1024 2>&1 | grep copied
done