RANDOM(4D) Devices RANDOM(4D)

NAME


random, urandom - Strong random number generator device

SYNOPSIS


/dev/random


/dev/urandom


DESCRIPTION


The /dev/random and /dev/urandom files are special files that are a
source for random bytes generated by the kernel random number
generator device. The /dev/random and /dev/urandom files are
suitable for applications requiring high quality random numbers for
cryptographic purposes.


The generator device produces random numbers from data and devices
available to the kernel and estimates the amount of randomness (or
"entropy") collected from these sources. The entropy level determines
the amount of high quality random numbers that are produced at a
given time.


Applications retrieve random bytes by reading /dev/random or
/dev/urandom. The /dev/random interface returns random bytes only
when a sufficient amount of entropy has been collected. If there is no
entropy to produce the requested number of bytes, /dev/random blocks
until more entropy can be obtained. Non-blocking I/O mode can be used
to disable the blocking behavior. The /dev/random interface also
supports poll(2). Note that using poll(2) will not increase the
speed at which random numbers can be read.


Bytes retrieved from /dev/random provide the highest quality random
numbers produced by the generator, and can be used to generate long
term keys and other high value keying material.


The /dev/urandom interface returns bytes regardless of the amount of
entropy available. It does not block on a read request due to lack of
entropy. While bytes produced by the /dev/urandom interface are of
lower quality than bytes produced by /dev/random, they are
nonetheless suitable for less demanding and shorter term
cryptographic uses such as short term session keys, paddings, and
challenge strings.


Data can be written to /dev/random and /dev/urandom. Data written to
either special file is added to the generator's internal state. Data
that is difficult for other users to predict may contribute
randomness to the generator state and help improve the quality of
future generated random numbers.


/dev/random collects entropy from providers that are registered with
the kernel-level cryptographic framework and implement random number
generation routines. The cryptoadm(8) utility allows an administrator
to configure which providers will be used with /dev/random.

ERRORS


EAGAIN
    O_NDELAY or O_NONBLOCK was set and no random bytes are
    available for reading from /dev/random.


EINTR
    A signal was caught while reading and no data was
    transferred.


ENXIO
    open(2) request failed on /dev/random because no entropy
    provider is available.


FILES


/dev/random


/dev/urandom


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-----------------+
|   ATTRIBUTE TYPE   | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving        |
+--------------------+-----------------+

SEE ALSO


open(2), poll(2), attributes(7), cryptoadm(8)

NOTES


/dev/random can be configured to use only the hardware-based
providers registered with the kernel-level cryptographic framework by
disabling the software-based provider using cryptoadm(8). You can
also use cryptoadm(8) to obtain the name of the software-based
provider.


Because no entropy is available, disabling all randomness providers
causes read(2) and poll(2) on /dev/random to block indefinitely and
results in a warning message being logged and displayed on the system
console. However, read(2) and poll(2) on /dev/urandom continue to
work in this case.


An implementation of the /dev/random and /dev/urandom kernel-based
random number generator first appeared in Linux 1.3.30.


A /dev/random interface for Solaris first appeared as part of the
CryptoRand implementation.

September 1, 2008 RANDOM(4D)
