mirror of https://github.com/mkerrisk/man-pages
random.4: Minor tweaks to Nikos Mavrogiannopoulos's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 67b7fcba2b
commit f64f220c5e
|
@ -36,23 +36,26 @@ number of bits of noise in the entropy pool.
|
|||
From this entropy pool random numbers are created.
|
||||
.LP
|
||||
Linux 3.17 and later provides the simpler and safer (see below)
|
||||
.BR getrandom(2)
|
||||
.BR getrandom (2)
|
||||
interface which requires no special files.
|
||||
.LP
|
||||
When read, the \fI/dev/urandom\fP device return random bytes using a pseudorandom
|
||||
number generator seeded from the entropy pool. That operation is
|
||||
non-blocking. When used during early boot time, this device may return
|
||||
When read, the
|
||||
.I /dev/urandom
|
||||
device returns random bytes using a pseudorandom
|
||||
number generator seeded from the entropy pool.
|
||||
That operation is non-blocking.
|
||||
When used during early boot time, this device may return
|
||||
data prior to the entropy pool being initialized.
|
||||
If this is of concern in your application, use
|
||||
.BR getrandom(2)
|
||||
.BR getrandom (2)
|
||||
or \fI/dev/random\fP instead.
|
||||
|
||||
.LP
|
||||
The \fI/dev/random\fP device is a legacy interface which dates back to
|
||||
a time where the cryptographic primitives used in the implementation
|
||||
of \fI/dev/urandom\fP were not widely trusted. It will return random bytes
|
||||
only within the estimated number of bits of fresh noise in the entropy
|
||||
pool, blocking if necessary.
|
||||
of \fI/dev/urandom\fP were not widely trusted.
|
||||
It will return random bytes only within the estimated number of
|
||||
bits of fresh noise in the entropy pool, blocking if necessary.
|
||||
\fI/dev/random\fP is suitable for applications that need very
|
||||
high quality randomness, and can afford indeterminate delays.
|
||||
When the entropy pool is empty, reads from \fI/dev/random\fP will block
|
||||
|
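Review bot: The /dev/random paragraph at the end of this hunk still uses inline escapes in `of \fI/dev/urandom\fP were not widely trusted.` and `or \fI/dev/random\fP instead.`, while the /dev/urandom paragraph just above was converted to `.I /dev/urandom` on its own line, so the hunk leaves two markup styles side by side. Converting the remaining \fI...\fP uses would make it consistent. In the same paragraph, "a time where the cryptographic primitives" should read "a time when".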
@ -113,9 +116,10 @@ interface is considered a legacy interface, and
|
|||
.IR /dev/urandom ,
|
||||
is preferred and sufficient in all use cases, with the exception of
|
||||
applications which require randomness during early boot time; for
|
||||
these applications, the system call
|
||||
.BR getrandom(2)
|
||||
must be used instead, because will block until the entropy pool is initialized.
|
||||
these applications,
|
||||
.BR getrandom (2)
|
||||
must be used instead,
|
||||
because it will block until the entropy pool is initialized.
|
||||
|
||||
If a seed file is saved across reboots as recommended below (all major
|
||||
Linux distributions have done this since 2000 at least), the output is
|
||||
|
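Review bot: The wording "must be used instead," for early-boot callers conflicts with the first hunk, which tells the same reader to use getrandom(2) "or \fI/dev/random\fP instead"; the page should give one recommendation in both places. If /dev/random is still an acceptable alternative for early boot, say so here; otherwise drop it from the earlier paragraph so that the blocking behaviour of getrandom(2) is the single documented answer.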
@ -323,9 +327,10 @@ which gets added to the entropy pool.
|
|||
.BR RNDZAPENTCNT ", " RNDCLEARPOOL
|
||||
Zero the entropy count of all pools and add some system data (such as
|
||||
wall clock) to the pools.
|
||||
.SH KNOWN ISSUES
|
||||
When used during early boot, \fI/dev/urandom\fP may return data prior to the entropy pool being initialized.
|
||||
|
||||
.SH BUGS
|
||||
When used during early boot,
|
||||
.I /dev/urandom
|
||||
may return data prior to the entropy pool being initialized.
|
||||
.SH FILES
|
||||
/dev/random
|
||||
.br
|
||||
|
|
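Review bot: The BUGS entry states that /dev/urandom "may return data prior to the entropy pool being initialized" but gives no pointer to the remedy. The description earlier in this patch already names getrandom(2) for this case, so a closing sentence that refers to it would keep a reader who jumps straight to BUGS from stopping at the problem statement.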