|
|
|
|
|
|
by schoen
3199 days ago
|
|
|
> (sort -R sorts by hash, which is not really randomisation.) I looked at the source code for GNU sort and what they're doing is reading 16 bytes from the system CSPRNG and then initializing an MD5 digest object with those 16 bytes of input. Then the input lines are sorted according to the hash of each line with the 16 bytes prepended. Although they should no longer use MD5 for this, I don't think we know anything about the structure of MD5 that would even allow an adversary to have any advantage above chance in distinguishing between output created this way and an output created via a different randomization method. (Edit: or distinguishing between the distribution of output created this way and the distribution of output created via another method!) The output of sort -R is different on each output and ordinarily covers the whole range of possible permutations. $ for i in $(seq 10000); do seq 6 | sort -R | sha256sum; done | sort -u | wc -l
720
|
|
|
Eg `(seq 3; seq 3; seq 3) | sort -R`.