mirror of https://github.com/mkerrisk/man-pages
165 lines
5.3 KiB
Groff
165 lines
5.3 KiB
Groff
.\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
|
|
.\"
|
|
.\" This is free documentation; you can redistribute it and/or
|
|
.\" modify it under the terms of the GNU General Public License as
|
|
.\" published by the Free Software Foundation; either version 2 of
|
|
.\" the License, or (at your option) any later version.
|
|
.\"
|
|
.\" Some changes by tytso and aeb.
|
|
.\"
|
|
.\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
|
|
.\" 2004-04-08, AEB, Improved description of read from /dev/urandom
|
|
.\"
|
|
.TH RANDOM 4 2008-01-10 "Linux" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
random, urandom \- kernel random number source devices
|
|
.SH DESCRIPTION
|
|
The character special files \fI/dev/random\fP and
|
|
\fI/dev/urandom\fP (present since Linux 1.3.30)
|
|
provide an interface to the kernel's random number generator.
|
|
File \fI/dev/random\fP has major device number 1
|
|
and minor device number 8.
|
|
File \fI/dev/urandom\fP has major device number 1 and minor device number 9.
|
|
.LP
|
|
The random number generator gathers environmental noise
|
|
from device drivers and other sources into an entropy pool.
|
|
The generator also keeps an estimate of the
|
|
number of bits of noise in the entropy pool.
|
|
From this entropy pool random numbers are created.
|
|
.LP
|
|
When read, the \fI/dev/random\fP device will only return random bytes
|
|
within the estimated number of bits of noise in the entropy
|
|
pool.
|
|
\fI/dev/random\fP should be suitable for uses that need very
|
|
high quality randomness such as one-time pad or key generation.
|
|
When the entropy pool is empty, reads from \fI/dev/random\fP will block
|
|
until additional environmental noise is gathered.
|
|
.LP
|
|
A read from the \fI/dev/urandom\fP device will not block
|
|
waiting for more entropy.
|
|
As a result, if there is not sufficient entropy in the
|
|
entropy pool, the returned values are theoretically vulnerable to a
|
|
cryptographic attack on the algorithms used by the driver.
|
|
Knowledge of how to do this is not available in the current non-classified
|
|
literature, but it is theoretically possible that such an attack may
|
|
exist.
|
|
If this is a concern in your application, use \fI/dev/random\fP
|
|
instead.
|
|
.SS Configuration
|
|
If your system does not have
|
|
\fI/dev/random\fP and \fI/dev/urandom\fP created already, they
|
|
can be created with the following commands:
|
|
|
|
.nf
|
|
mknod \-m 644 /dev/random c 1 8
|
|
mknod \-m 644 /dev/urandom c 1 9
|
|
chown root:root /dev/random /dev/urandom
|
|
.fi
|
|
|
|
When a Linux system starts up without much operator interaction,
|
|
the entropy pool may be in a fairly predictable state.
|
|
This reduces the actual amount of noise in the entropy pool
|
|
below the estimate.
|
|
In order to counteract this effect, it helps to carry
|
|
entropy pool information across shut-downs and start-ups.
|
|
To do this, add the following lines to an appropriate script
|
|
which is run during the Linux system start-up sequence:
|
|
|
|
.nf
|
|
echo "Initializing random number generator..."
|
|
random_seed=/var/run/random-seed
|
|
# Carry a random seed from start-up to start-up
|
|
# Load and then save the whole entropy pool
|
|
if [ \-f $random_seed ]; then
|
|
cat $random_seed >/dev/urandom
|
|
else
|
|
touch $random_seed
|
|
fi
|
|
chmod 600 $random_seed
|
|
poolfile=/proc/sys/kernel/random/poolsize
|
|
[ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512
|
|
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
|
|
.fi
|
|
|
|
Also, add the following lines in an appropriate script which is
|
|
run during the Linux system shutdown:
|
|
|
|
.nf
|
|
# Carry a random seed from shut-down to start-up
|
|
# Save the whole entropy pool
|
|
echo "Saving random seed..."
|
|
random_seed=/var/run/random-seed
|
|
touch $random_seed
|
|
chmod 600 $random_seed
|
|
poolfile=/proc/sys/kernel/random/poolsize
|
|
[ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512
|
|
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
|
|
.fi
|
|
.SS "/proc Interface"
|
|
The files in the directory
|
|
.I /proc/sys/kernel/random
|
|
(present since 2.3.16) provide an additional interface to the
|
|
.I /dev/random
|
|
device.
|
|
.LP
|
|
The read-only file
|
|
.I entropy_avail
|
|
gives the available entropy.
|
|
Normally, this will be 4096 (bits),
|
|
a full entropy pool.
|
|
.LP
|
|
The file
|
|
.I poolsize
|
|
gives the size of the entropy pool.
|
|
The semantics of this file vary across kernel versions:
|
|
.RS
|
|
.TP 12
|
|
Linux 2.4:
|
|
This file gives the size of the entropy pool in
|
|
.IR bytes .
|
|
Normally, this file will have the value 512, but it is writable,
|
|
and can be changed to any value for which an algorithm is available.
|
|
The choices are 32, 64, 128, 256, 512, 1024, or 2048.
|
|
.TP
|
|
Linux 2.6:
|
|
This file is read-only, and gives the size of the entropy pool in
|
|
.IR bits .
|
|
It contains the value 4096.
|
|
.RE
|
|
.LP
|
|
The file
|
|
.I read_wakeup_threshold
|
|
contains the number of bits of entropy required for waking up processes
|
|
that sleep waiting for entropy from
|
|
.IR /dev/random .
|
|
The default is 64.
|
|
The file
|
|
.I write_wakeup_threshold
|
|
contains the number of bits of entropy below which we wake up
|
|
processes that do a
|
|
.BR select (2)
|
|
or
|
|
.BR poll (2)
|
|
for write access to
|
|
.IR /dev/random .
|
|
These values can be changed by writing to the files.
|
|
.LP
|
|
The read-only files
|
|
.I uuid
|
|
and
|
|
.I boot_id
|
|
contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9.
|
|
The former is generated afresh for each read, the latter was
|
|
generated once.
|
|
.SH FILES
|
|
/dev/random
|
|
.br
|
|
/dev/urandom
|
|
.\" .SH AUTHOR
|
|
.\" The kernel's random number generator was written by
|
|
.\" Theodore Ts'o (tytso@athena.mit.edu).
|
|
.SH "SEE ALSO"
|
|
mknod (1)
|
|
.br
|
|
RFC\ 1750, "Randomness Recommendations for Security"
|