2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
|
|
|
|
.\"
|
|
|
|
.\" This is free documentation; you can redistribute it and/or
|
|
|
|
.\" modify it under the terms of the GNU General Public License as
|
|
|
|
.\" published by the Free Software Foundation; either version 2 of
|
|
|
|
.\" the License, or (at your option) any later version.
|
|
|
|
.\"
|
|
|
|
.\" Some changes by tytso and aeb.
|
|
|
|
.\"
|
2004-12-16 14:24:00 +00:00
|
|
|
.\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
|
2005-04-18 13:35:29 +00:00
|
|
|
.\" 2004-04-08, AEB, Improved description of read from /dev/urandom
|
2004-12-16 14:24:00 +00:00
|
|
|
.\"
|
2004-11-03 13:51:07 +00:00
|
|
|
.TH RANDOM 4 2003-10-25 "Linux" "Linux Programmer's Manual"
|
|
|
|
.SH NAME
|
|
|
|
random, urandom \- kernel random number source devices
|
|
|
|
.SH DESCRIPTION
|
2005-11-02 13:55:25 +00:00
|
|
|
The character special files \fI/dev/random\fP and
|
|
|
|
\fI/dev/urandom\fP (present since Linux 1.3.30)
|
2004-11-03 13:51:07 +00:00
|
|
|
provide an interface to the kernel's random number generator.
|
2005-11-02 13:55:25 +00:00
|
|
|
File \fI/dev/random\fP has major device number 1
|
|
|
|
and minor device number 8. File \fI/dev/urandom\fP
|
2004-11-03 13:51:07 +00:00
|
|
|
has major device number 1 and minor device number 9.
|
|
|
|
.LP
|
|
|
|
The random number generator gathers environmental noise
|
|
|
|
from device drivers and other sources into an entropy pool.
|
|
|
|
The generator also keeps an estimate of the
|
|
|
|
number of bits of noise in the entropy pool.
|
|
|
|
From this entropy pool random numbers are created.
|
|
|
|
.LP
|
2005-11-02 13:55:25 +00:00
|
|
|
When read, the \fI/dev/random\fP device will only return random bytes
|
2004-11-03 13:51:07 +00:00
|
|
|
within the estimated number of bits of noise in the entropy
|
2005-11-02 13:55:25 +00:00
|
|
|
pool. \fI/dev/random\fP should be suitable for uses that need very
|
2004-11-03 13:51:07 +00:00
|
|
|
high quality randomness such as one-time pad or key generation.
|
2005-11-02 13:55:25 +00:00
|
|
|
When the entropy pool is empty, reads from \fI/dev/random\fP will block
|
2004-11-03 13:51:07 +00:00
|
|
|
until additional environmental noise is gathered.
|
|
|
|
.LP
|
2005-11-02 13:55:25 +00:00
|
|
|
A read from the \fI/dev/urandom\fP device will not block
|
2005-04-08 07:58:55 +00:00
|
|
|
waiting for more entropy.
|
|
|
|
As a result, if there is not sufficient entropy in the
|
2004-11-03 13:51:07 +00:00
|
|
|
entropy pool, the returned values are theoretically vulnerable to a
|
|
|
|
cryptographic attack on the algorithms used by the driver. Knowledge of
|
|
|
|
how to do this is not available in the current non-classified
|
|
|
|
literature, but it is theoretically possible that such an attack may
|
2005-11-02 13:55:25 +00:00
|
|
|
exist. If this is a concern in your application, use \fI/dev/random\fP
|
2004-11-03 13:51:07 +00:00
|
|
|
instead.
|
|
|
|
.SH CONFIGURING
|
|
|
|
If your system does not have
|
2005-11-02 13:55:25 +00:00
|
|
|
\fI/dev/random\fP and \fI/dev/urandom\fP created already, they
|
2004-11-03 13:51:07 +00:00
|
|
|
can be created with the following commands:
|
|
|
|
|
|
|
|
.nf
|
2005-07-06 12:57:38 +00:00
|
|
|
mknod \-m 644 /dev/random c 1 8
|
|
|
|
mknod \-m 644 /dev/urandom c 1 9
|
2004-11-03 13:51:07 +00:00
|
|
|
chown root:root /dev/random /dev/urandom
|
|
|
|
.fi
|
|
|
|
|
|
|
|
When a Linux system starts up without much operator interaction,
|
|
|
|
the entropy pool may be in a fairly predictable state.
|
|
|
|
This reduces the actual amount of noise in the entropy pool
|
|
|
|
below the estimate. In order to counteract this effect, it helps to carry
|
|
|
|
entropy pool information across shut-downs and start-ups.
|
|
|
|
To do this, add the following lines to an appropriate script
|
|
|
|
which is run during the Linux system start-up sequence:
|
|
|
|
|
|
|
|
.nf
|
2004-12-16 14:24:00 +00:00
|
|
|
echo "Initializing random number generator..."
|
|
|
|
random_seed=/var/run/random-seed
|
|
|
|
# Carry a random seed from start-up to start-up
|
|
|
|
# Load and then save the whole entropy pool
|
2005-07-06 12:57:38 +00:00
|
|
|
if [ \-f $random_seed ]; then
|
2004-12-16 14:24:00 +00:00
|
|
|
cat $random_seed >/dev/urandom
|
|
|
|
else
|
|
|
|
touch $random_seed
|
|
|
|
fi
|
|
|
|
chmod 600 $random_seed
|
|
|
|
poolfile=/proc/sys/kernel/random/poolsize
|
2005-07-06 12:57:38 +00:00
|
|
|
[ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512
|
2004-12-16 14:24:00 +00:00
|
|
|
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
|
2004-11-03 13:51:07 +00:00
|
|
|
.fi
|
|
|
|
|
|
|
|
Also, add the following lines in an appropriate script which is
|
|
|
|
run during the Linux system shutdown:
|
|
|
|
|
|
|
|
.nf
|
2004-12-16 14:24:00 +00:00
|
|
|
# Carry a random seed from shut-down to start-up
|
|
|
|
# Save the whole entropy pool
|
|
|
|
echo "Saving random seed..."
|
|
|
|
random_seed=/var/run/random-seed
|
|
|
|
touch $random_seed
|
|
|
|
chmod 600 $random_seed
|
|
|
|
poolfile=/proc/sys/kernel/random/poolsize
|
2005-07-06 12:57:38 +00:00
|
|
|
[ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512
|
2004-12-16 14:24:00 +00:00
|
|
|
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
|
2004-11-03 13:51:07 +00:00
|
|
|
.fi
|
|
|
|
.SH "PROC INTERFACE"
|
|
|
|
The files in the directory
|
|
|
|
.I /proc/sys/kernel/random
|
|
|
|
(present since 2.3.16) provide an additional interface to the
|
2005-11-02 13:55:25 +00:00
|
|
|
.I /dev/random
|
2004-11-03 13:51:07 +00:00
|
|
|
device.
|
|
|
|
.LP
|
|
|
|
The read-only file
|
|
|
|
.I entropy_avail
|
|
|
|
gives the available entropy. Normally, this will be 4096 (bits),
|
|
|
|
a full entropy pool.
|
|
|
|
.LP
|
|
|
|
The file
|
|
|
|
.I poolsize
|
|
|
|
gives the size of the entropy pool. Normally, this will be 512 (bytes).
|
|
|
|
It can be changed to any value for which an algorithm is available.
|
|
|
|
Currently the choices are 32, 64, 128, 256, 512, 1024, 2048.
|
|
|
|
.LP
|
|
|
|
The file
|
|
|
|
.I read_wakeup_threshold
|
|
|
|
contains the number of bits of entropy required for waking up processes
|
|
|
|
that sleep waiting for entropy from
|
2005-11-02 11:34:24 +00:00
|
|
|
.IR /dev/random .
|
2004-11-03 13:51:07 +00:00
|
|
|
The default is 64.
|
|
|
|
The file
|
|
|
|
.I write_wakeup_threshold
|
|
|
|
contains the number of bits of entropy below which we wake up
|
|
|
|
processes that do a
|
2005-11-02 11:34:24 +00:00
|
|
|
.BR select ()
|
2004-11-03 13:51:07 +00:00
|
|
|
or
|
2005-11-02 11:34:24 +00:00
|
|
|
.BR poll ()
|
2004-11-03 13:51:07 +00:00
|
|
|
for write access to
|
2005-11-02 11:34:24 +00:00
|
|
|
.IR /dev/random .
|
2004-11-03 13:51:07 +00:00
|
|
|
These values can be changed by writing to the files.
|
|
|
|
.LP
|
|
|
|
The read-only files
|
|
|
|
.I uuid
|
|
|
|
and
|
|
|
|
.I boot_id
|
|
|
|
contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9.
|
|
|
|
The former is generated afresh for each read, the latter was
|
|
|
|
generated once.
|
|
|
|
.SH FILES
|
|
|
|
/dev/random
|
|
|
|
.br
|
|
|
|
/dev/urandom
|
|
|
|
.SH AUTHOR
|
|
|
|
The kernel's random number generator was written by
|
|
|
|
Theodore Ts'o (tytso@athena.mit.edu).
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
mknod (1)
|
|
|
|
.br
|
2005-07-20 07:50:45 +00:00
|
|
|
RFC\ 1750, "Randomness Recommendations for Security"
|