]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com) |
2 | .\" | |
3 | .\" This is free documentation; you can redistribute it and/or | |
4 | .\" modify it under the terms of the GNU General Public License as | |
5 | .\" published by the Free Software Foundation; either version 2 of | |
6 | .\" the License, or (at your option) any later version. | |
7 | .\" | |
8 | .\" Some changes by tytso and aeb. | |
9 | .\" | |
8deb0f0d | 10 | .\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts |
704a18f0 | 11 | .\" 2004-04-08, AEB, Improved description of read from /dev/urandom |
8deb0f0d | 12 | .\" |
fea681da MK |
13 | .TH RANDOM 4 2003-10-25 "Linux" "Linux Programmer's Manual" |
14 | .SH NAME | |
15 | random, urandom \- kernel random number source devices | |
16 | .SH DESCRIPTION | |
c13182ef | 17 | The character special files \fI/dev/random\fP and |
8478ee02 | 18 | \fI/dev/urandom\fP (present since Linux 1.3.30) |
c13182ef MK |
19 | provide an interface to the kernel's random number generator. |
20 | File \fI/dev/random\fP has major device number 1 | |
21 | and minor device number 8. | |
22 | File \fI/dev/urandom\fP has major device number 1 and minor device number 9. | |
fea681da | 23 | .LP |
c13182ef MK |
24 | The random number generator gathers environmental noise |
25 | from device drivers and other sources into an entropy pool. | |
26 | The generator also keeps an estimate of the | |
fea681da MK |
27 | number of bits of noise in the entropy pool. |
28 | From this entropy pool random numbers are created. | |
c13182ef MK |
29 | .LP |
30 | When read, the \fI/dev/random\fP device will only return random bytes | |
31 | within the estimated number of bits of noise in the entropy | |
32 | pool. \fI/dev/random\fP should be suitable for uses that need very | |
33 | high quality randomness such as one-time pad or key generation. | |
34 | When the entropy pool is empty, reads from \fI/dev/random\fP will block | |
fea681da | 35 | until additional environmental noise is gathered. |
c13182ef | 36 | .LP |
8478ee02 | 37 | A read from the \fI/dev/urandom\fP device will not block |
c892f4ca MK |
38 | waiting for more entropy. |
39 | As a result, if there is not sufficient entropy in the | |
fea681da | 40 | entropy pool, the returned values are theoretically vulnerable to a |
c13182ef MK |
41 | cryptographic attack on the algorithms used by the driver. |
42 | Knowledge of how to do this is not available in the current non-classified | |
fea681da | 43 | literature, but it is theoretically possible that such an attack may |
c13182ef MK |
44 | exist. |
45 | If this is a concern in your application, use \fI/dev/random\fP | |
fea681da MK |
46 | instead. |
47 | .SH CONFIGURING | |
48 | If your system does not have | |
c13182ef | 49 | \fI/dev/random\fP and \fI/dev/urandom\fP created already, they |
fea681da MK |
50 | can be created with the following commands: |
51 | ||
52 | .nf | |
7295b7ed MK |
53 | mknod \-m 644 /dev/random c 1 8 |
54 | mknod \-m 644 /dev/urandom c 1 9 | |
55 | chown root:root /dev/random /dev/urandom | |
fea681da | 56 | .fi |
c13182ef MK |
57 | |
58 | When a Linux system starts up without much operator interaction, | |
fea681da | 59 | the entropy pool may be in a fairly predictable state. |
c13182ef MK |
60 | This reduces the actual amount of noise in the entropy pool |
61 | below the estimate. | |
62 | In order to counteract this effect, it helps to carry | |
63 | entropy pool information across shut-downs and start-ups. | |
64 | To do this, add the following lines to an appropriate script | |
65 | which is run during the Linux system start-up sequence: | |
fea681da MK |
66 | |
67 | .nf | |
7295b7ed MK |
68 | echo "Initializing random number generator..." |
69 | random_seed=/var/run/random-seed | |
70 | # Carry a random seed from start-up to start-up | |
71 | # Load and then save the whole entropy pool | |
72 | if [ \-f $random_seed ]; then | |
73 | cat $random_seed >/dev/urandom | |
74 | else | |
75 | touch $random_seed | |
76 | fi | |
77 | chmod 600 $random_seed | |
78 | poolfile=/proc/sys/kernel/random/poolsize | |
79 | [ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512 | |
80 | dd if=/dev/urandom of=$random_seed count=1 bs=$bytes | |
fea681da MK |
81 | .fi |
82 | ||
c13182ef | 83 | Also, add the following lines in an appropriate script which is |
fea681da | 84 | run during the Linux system shutdown: |
c13182ef | 85 | |
fea681da | 86 | .nf |
7295b7ed MK |
87 | # Carry a random seed from shut-down to start-up |
88 | # Save the whole entropy pool | |
89 | echo "Saving random seed..." | |
90 | random_seed=/var/run/random-seed | |
91 | touch $random_seed | |
92 | chmod 600 $random_seed | |
93 | poolfile=/proc/sys/kernel/random/poolsize | |
94 | [ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512 | |
95 | dd if=/dev/urandom of=$random_seed count=1 bs=$bytes | |
fea681da MK |
96 | .fi |
97 | .SH "PROC INTERFACE" | |
98 | The files in the directory | |
99 | .I /proc/sys/kernel/random | |
100 | (present since 2.3.16) provide an additional interface to the | |
8478ee02 | 101 | .I /dev/random |
fea681da MK |
102 | device. |
103 | .LP | |
104 | The read-only file | |
105 | .I entropy_avail | |
c13182ef MK |
106 | gives the available entropy. |
107 | Normally, this will be 4096 (bits), | |
fea681da MK |
108 | a full entropy pool. |
109 | .LP | |
110 | The file | |
111 | .I poolsize | |
c13182ef MK |
112 | gives the size of the entropy pool. |
113 | Normally, this will be 512 (bytes). | |
fea681da MK |
114 | It can be changed to any value for which an algorithm is available. |
115 | Currently the choices are 32, 64, 128, 256, 512, 1024, 2048. | |
116 | .LP | |
117 | The file | |
118 | .I read_wakeup_threshold | |
119 | contains the number of bits of entropy required for waking up processes | |
120 | that sleep waiting for entropy from | |
31e9a9ec | 121 | .IR /dev/random . |
fea681da MK |
122 | The default is 64. |
123 | The file | |
124 | .I write_wakeup_threshold | |
125 | contains the number of bits of entropy below which we wake up | |
126 | processes that do a | |
31e9a9ec | 127 | .BR select () |
fea681da | 128 | or |
31e9a9ec | 129 | .BR poll () |
fea681da | 130 | for write access to |
31e9a9ec | 131 | .IR /dev/random . |
fea681da MK |
132 | These values can be changed by writing to the files. |
133 | .LP | |
134 | The read-only files | |
135 | .I uuid | |
136 | and | |
137 | .I boot_id | |
138 | contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. | |
139 | The former is generated afresh for each read, the latter was | |
140 | generated once. | |
141 | .SH FILES | |
142 | /dev/random | |
143 | .br | |
144 | /dev/urandom | |
145 | .SH AUTHOR | |
c13182ef | 146 | The kernel's random number generator was written by |
fea681da MK |
147 | Theodore Ts'o (tytso@athena.mit.edu). |
148 | .SH "SEE ALSO" | |
149 | mknod (1) | |
150 | .br | |
331da7c3 | 151 | RFC\ 1750, "Randomness Recommendations for Security" |