[thirdparty/man-pages.git] / man4 / random.4

.\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
.\"
.\" %%%LICENSE_START(GPLv2+_DOC_ONEPARA)
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\" %%%LICENSE_END
.\"
.\" Some changes by tytso and aeb.
.\"
.\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
.\" 2004-04-08, AEB, Improved description of read from /dev/urandom
.\" 2008-06-20, George Spelvin <linux@horizon.com>,
.\"             Matt Mackall <mpm@selenic.com>
.\"
.TH RANDOM 4 2021-03-22 "Linux" "Linux Programmer's Manual"
.SH NAME
random, urandom \- kernel random number source devices
.SH SYNOPSIS
.nf
#include <linux/random.h>
.PP
.BI "int ioctl(" fd ", RND" request ", " param ");"
.fi
.SH DESCRIPTION
The character special files \fI/dev/random\fP and
\fI/dev/urandom\fP (present since Linux 1.3.30)
provide an interface to the kernel's random number generator.
The file
.I /dev/random
has major device number 1 and minor device number 8.
The file
.I /dev/urandom
has major device number 1 and minor device number 9.
.PP
The random number generator gathers environmental noise
from device drivers and other sources into an entropy pool.
The generator also keeps an estimate of the
number of bits of noise in the entropy pool.
From this entropy pool, random numbers are created.
.PP
Linux 3.17 and later provides the simpler and safer
.BR getrandom (2)
interface which requires no special files;
see the
.BR getrandom (2)
manual page for details.
.PP
When read, the
.I /dev/urandom
device returns random bytes using a pseudorandom
number generator seeded from the entropy pool.
Reads from this device do not block (i.e., the CPU is not yielded),
but can incur an appreciable delay when requesting large amounts of data.
.PP
When read during early boot time,
.IR /dev/urandom
may return data prior to the entropy pool being initialized.
.\" This is a real problem; see
.\" commit 9b4d008787f864f17d008c9c15bbe8a0f7e2fc24
If this is of concern in your application, use
.BR getrandom (2)
or \fI/dev/random\fP instead.
.PP
The \fI/dev/random\fP device is a legacy interface which dates back to
a time where the cryptographic primitives used in the implementation
of \fI/dev/urandom\fP were not widely trusted.
It will return random bytes only within the estimated number of
bits of fresh noise in the entropy pool, blocking if necessary.
\fI/dev/random\fP is suitable for applications that need
high quality randomness, and can afford indeterminate delays.
.PP
When the entropy pool is empty, reads from \fI/dev/random\fP will block
until additional environmental noise is gathered.
If
.BR open (2)
is called for
.I /dev/random
with the
.BR O_NONBLOCK
flag, a subsequent
.BR read (2)
will not block if the requested number of bytes is not available.
Instead, the available bytes are returned.
If no byte is available,
.BR read (2)
will return \-1 and
.I errno
will be set to
.BR EAGAIN .
.PP
The
.B O_NONBLOCK
flag has no effect when opening
.IR /dev/urandom .
When calling
.BR read (2)
for the device
.IR /dev/urandom ,
reads of up to 256 bytes will return as many bytes as are requested
and will not be interrupted by a signal handler.
Reads with a buffer over this limit may return less than the
requested number of bytes or fail with the error
.BR EINTR ,
if interrupted by a signal handler.
.PP
Since Linux 3.16,
.\" commit 79a8468747c5f95ed3d5ce8376a3e82e0c5857fc
a
.BR read (2)
from
.IR /dev/urandom
will return at most 32\ MB.
A
.BR read (2)
from
.IR /dev/random
will return at most 512 bytes
.\" SEC_XFER_SIZE in drivers/char/random.c
(340 bytes on Linux kernels before version 2.6.12).
.PP
Writing to \fI/dev/random\fP or \fI/dev/urandom\fP will update the
entropy pool with the data written, but this will not result in a
higher entropy count.
This means that it will impact the contents
read from both files, but it will not make reads from
\fI/dev/random\fP faster.
.SS Usage
The
.IR /dev/random
interface is considered a legacy interface, and
.IR /dev/urandom
is preferred and sufficient in all use cases, with the exception of
applications which require randomness during early boot time; for
these applications,
.BR getrandom (2)
must be used instead,
because it will block until the entropy pool is initialized.
.PP
If a seed file is saved across reboots as recommended below,
the output is
cryptographically secure against attackers without local root access as
soon as it is reloaded in the boot sequence, and perfectly adequate for
network encryption session keys.
(All major Linux distributions have saved the seed file across reboots
since 2000 at least.)
Since reads from
.I /dev/random
may block, users will usually want to open it in nonblocking mode
(or perform a read with timeout),
and provide some sort of user notification if the desired
entropy is not immediately available.
.\"
.SS Configuration
If your system does not have
\fI/dev/random\fP and \fI/dev/urandom\fP created already, they
can be created with the following commands:
.PP
.in +4n
.EX
mknod \-m 666 /dev/random c 1 8
mknod \-m 666 /dev/urandom c 1 9
chown root:root /dev/random /dev/urandom
.EE
.in
.PP
When a Linux system starts up without much operator interaction,
the entropy pool may be in a fairly predictable state.
This reduces the actual amount of noise in the entropy pool
below the estimate.
In order to counteract this effect, it helps to carry
entropy pool information across shut-downs and start-ups.
To do this, add the lines to an appropriate script
which is run during the Linux system start-up sequence:
.PP
.in +4n
.EX
echo "Initializing random number generator..."
random_seed=/var/run/random\-seed
# Carry a random seed from start\-up to start\-up
# Load and then save the whole entropy pool
if [ \-f $random_seed ]; then
    cat $random_seed >/dev/urandom
else
    touch $random_seed
fi
chmod 600 $random_seed
poolfile=/proc/sys/kernel/random/poolsize
[ \-r $poolfile ] && bits=$(cat $poolfile) || bits=4096
bytes=$(expr $bits / 8)
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
.EE
.in
.PP
Also, add the following lines in an appropriate script which is
run during the Linux system shutdown:
.PP
.in +4n
.EX
# Carry a random seed from shut\-down to start\-up
# Save the whole entropy pool
echo "Saving random seed..."
random_seed=/var/run/random\-seed
touch $random_seed
chmod 600 $random_seed
poolfile=/proc/sys/kernel/random/poolsize
[ \-r $poolfile ] && bits=$(cat $poolfile) || bits=4096
bytes=$(expr $bits / 8)
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
.EE
.in
.PP
In the above examples, we assume Linux 2.6.0 or later, where
.IR /proc/sys/kernel/random/poolsize
returns the size of the entropy pool in bits (see below).
.\"
.SS /proc interfaces
The files in the directory
.I /proc/sys/kernel/random
(present since 2.3.16) provide additional information about the
.I /dev/random
device:
.TP
.I entropy_avail
This read-only file gives the available entropy, in bits.
This will be a number in the range 0 to 4096.
.TP
.I poolsize
This file
gives the size of the entropy pool.
The semantics of this file vary across kernel versions:
.RS
.TP
Linux 2.4:
This file gives the size of the entropy pool in
.IR bytes .
Normally, this file will have the value 512, but it is writable,
and can be changed to any value for which an algorithm is available.
The choices are 32, 64, 128, 256, 512, 1024, or 2048.
.TP
Linux 2.6 and later:
This file is read-only, and gives the size of the entropy pool in
.IR bits .
It contains the value 4096.
.RE
.TP
.I read_wakeup_threshold
This file
contains the number of bits of entropy required for waking up processes
that sleep waiting for entropy from
.IR /dev/random .
The default is 64.
.TP
.I write_wakeup_threshold
This file
contains the number of bits of entropy below which we wake up
processes that do a
.BR select (2)
or
.BR poll (2)
for write access to
.IR /dev/random .
These values can be changed by writing to the files.
.TP
.IR uuid " and " boot_id
These read-only files
contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9.
The former is generated afresh for each read, the latter was
generated once.
.\"
.SS ioctl(2) interface
The following
.BR ioctl (2)
requests are defined on file descriptors connected to either \fI/dev/random\fP
or \fI/dev/urandom\fP.
All requests performed will interact with the input
entropy pool impacting both \fI/dev/random\fP and \fI/dev/urandom\fP.
The
.B CAP_SYS_ADMIN
capability is required for all requests except
.BR RNDGETENTCNT .
.TP
.BR RNDGETENTCNT
Retrieve the entropy count of the input pool, the contents will be the same
as the
.I entropy_avail
file under proc.
The result will be stored in the int pointed to by the argument.
.TP
.BR RNDADDTOENTCNT
Increment or decrement the entropy count of the input pool
by the value pointed to by the argument.
.TP
.BR RNDGETPOOL
Removed in Linux 2.6.9.
.TP
.BR RNDADDENTROPY
Add some additional entropy to the input pool,
incrementing the entropy count.
This differs from writing to \fI/dev/random\fP or \fI/dev/urandom\fP,
which only adds some
data but does not increment the entropy count.
The following structure is used:
.IP
.in +4n
.EX
struct rand_pool_info {
    int    entropy_count;
    int    buf_size;
    __u32  buf[0];
};
.EE
.in
.IP
Here
.I entropy_count
is the value added to (or subtracted from) the entropy count, and
.I buf
is the buffer of size
.I buf_size
which gets added to the entropy pool.
.TP
.BR RNDZAPENTCNT ", " RNDCLEARPOOL
Zero the entropy count of all pools and add some system data (such as
wall clock) to the pools.
.SH FILES
.I /dev/random
.br
.I /dev/urandom
.SH NOTES
For an overview and comparison of the various interfaces that
can be used to obtain randomness, see
.BR random (7).
.SH BUGS
During early boot time, reads from
.I /dev/urandom
may return data prior to the entropy pool being initialized.
.\" .SH AUTHOR
.\" The kernel's random number generator was written by
.\" Theodore Ts'o (tytso@athena.mit.edu).
.SH SEE ALSO
.BR mknod (1),
.BR getrandom (2),
.BR random (7)
.PP
RFC\ 1750, "Randomness Recommendations for Security"
Commit	Line	Data
fea681da MK	1	.\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
fea681da MK	2	.\"
89e3ffe9	3	.\" %%%LICENSE_START(GPLv2+_DOC_ONEPARA)
fea681da MK	4	.\" This is free documentation; you can redistribute it and/or
	5	.\" modify it under the terms of the GNU General Public License as
	6	.\" published by the Free Software Foundation; either version 2 of
	7	.\" the License, or (at your option) any later version.
8f8359d8	8	.\" %%%LICENSE_END
fea681da MK	9	.\"
	10	.\" Some changes by tytso and aeb.
	11	.\"
8deb0f0d	12	.\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
704a18f0	13	.\" 2004-04-08, AEB, Improved description of read from /dev/urandom
9ed0f081 MK	14	.\" 2008-06-20, George Spelvin <linux@horizon.com>,
9ed0f081 MK	15	.\" Matt Mackall <mpm@selenic.com>
8deb0f0d	16	.\"
1d767b55	17	.TH RANDOM 4 2021-03-22 "Linux" "Linux Programmer's Manual"
fea681da MK	18	.SH NAME
fea681da MK	19	random, urandom \- kernel random number source devices
5a933be0	20	.SH SYNOPSIS
c7db92b9	21	.nf
5a933be0	22	#include <linux/random.h>
68e4db0a	23	.PP
5a933be0	24	.BI "int ioctl(" fd ", RND" request ", " param ");"
c7db92b9	25	.fi
fea681da	26	.SH DESCRIPTION
c13182ef	27	The character special files \fI/dev/random\fP and
8478ee02	28	\fI/dev/urandom\fP (present since Linux 1.3.30)
c13182ef	29	provide an interface to the kernel's random number generator.
af0b0990	30	The file
11bda441	31	.I /dev/random
af0b0990 MK	32	has major device number 1 and minor device number 8.
	33	The file
	34	.I /dev/urandom
	35	has major device number 1 and minor device number 9.
dd3568a1	36	.PP
c13182ef MK	37	The random number generator gathers environmental noise
	38	from device drivers and other sources into an entropy pool.
	39	The generator also keeps an estimate of the
fea681da	40	number of bits of noise in the entropy pool.
82f0a1f9	41	From this entropy pool, random numbers are created.
dd3568a1	42	.PP
724d21bb	43	Linux 3.17 and later provides the simpler and safer
f64f220c	44	.BR getrandom (2)
724d21bb MK	45	interface which requires no special files;
	46	see the
	47	.BR getrandom (2)
	48	manual page for details.
2d444feb	49	.PP
f64f220c MK	50	When read, the
	51	.I /dev/urandom
	52	device returns random bytes using a pseudorandom
	53	number generator seeded from the entropy pool.
6a0c1add	54	Reads from this device do not block (i.e., the CPU is not yielded),
e6e25836	55	but can incur an appreciable delay when requesting large amounts of data.
2d444feb	56	.PP
daaeba95	57	When read during early boot time,
bb02bcef	58	.IR /dev/urandom
daaeba95	59	may return data prior to the entropy pool being initialized.
8888079c MK	60	.\" This is a real problem; see
8888079c MK	61	.\" commit 9b4d008787f864f17d008c9c15bbe8a0f7e2fc24
67b7fcba	62	If this is of concern in your application, use
f64f220c	63	.BR getrandom (2)
67b7fcba	64	or \fI/dev/random\fP instead.
2d444feb	65	.PP
67b7fcba NM	66	The \fI/dev/random\fP device is a legacy interface which dates back to
67b7fcba NM	67	a time where the cryptographic primitives used in the implementation
f64f220c MK	68	of \fI/dev/urandom\fP were not widely trusted.
	69	It will return random bytes only within the estimated number of
	70	bits of fresh noise in the entropy pool, blocking if necessary.
c5d010eb	71	\fI/dev/random\fP is suitable for applications that need
67b7fcba	72	high quality randomness, and can afford indeterminate delays.
2d444feb	73	.PP
c13182ef	74	When the entropy pool is empty, reads from \fI/dev/random\fP will block
fea681da	75	until additional environmental noise is gathered.
17344691 HS	76	If
	77	.BR open (2)
	78	is called for
	79	.I /dev/random
724d21bb MK	80	with the
	81	.BR O_NONBLOCK
	82	flag, a subsequent
17344691 HS	83	.BR read (2)
17344691 HS	84	will not block if the requested number of bytes is not available.
e8cc3c09	85	Instead, the available bytes are returned.
792bb5ad	86	If no byte is available,
17344691	87	.BR read (2)
0a23e9aa	88	will return \-1 and
17344691 HS	89	.I errno
	90	will be set to
	91	.BR EAGAIN .
2d444feb	92	.PP
724d21bb	93	The
17344691	94	.B O_NONBLOCK
724d21bb	95	flag has no effect when opening
17344691 HS	96	.IR /dev/urandom .
	97	When calling
	98	.BR read (2)
792bb5ad MK	99	for the device
792bb5ad MK	100	.IR /dev/urandom ,
dbf63eed MK	101	reads of up to 256 bytes will return as many bytes as are requested
	102	and will not be interrupted by a signal handler.
	103	Reads with a buffer over this limit may return less than the
	104	requested number of bytes or fail with the error
4818990d MK	105	.BR EINTR ,
4818990d MK	106	if interrupted by a signal handler.
2d444feb	107	.PP
866fa681 MK	108	Since Linux 3.16,
	109	.\" commit 79a8468747c5f95ed3d5ce8376a3e82e0c5857fc
	110	a
	111	.BR read (2)
	112	from
	113	.IR /dev/urandom
c4b7e5ac	114	will return at most 32\ MB.
44da0e24 MK	115	A
	116	.BR read (2)
	117	from
	118	.IR /dev/random
	119	will return at most 512 bytes
	120	.\" SEC_XFER_SIZE in drivers/char/random.c
	121	(340 bytes on Linux kernels before version 2.6.12).
2d444feb	122	.PP
5a933be0 EDB	123	Writing to \fI/dev/random\fP or \fI/dev/urandom\fP will update the
5a933be0 EDB	124	entropy pool with the data written, but this will not result in a
ece967c9 MK	125	higher entropy count.
	126	This means that it will impact the contents
	127	read from both files, but it will not make reads from
5a933be0	128	\fI/dev/random\fP faster.
9ed0f081	129	.SS Usage
67b7fcba	130	The
9ed0f081	131	.IR /dev/random
67b7fcba	132	interface is considered a legacy interface, and
724d21bb	133	.IR /dev/urandom
67b7fcba NM	134	is preferred and sufficient in all use cases, with the exception of
67b7fcba NM	135	applications which require randomness during early boot time; for
f64f220c MK	136	these applications,
	137	.BR getrandom (2)
	138	must be used instead,
	139	because it will block until the entropy pool is initialized.
2d444feb	140	.PP
136b7eaf MK	141	If a seed file is saved across reboots as recommended below,
136b7eaf MK	142	the output is
9ed0f081 MK	143	cryptographically secure against attackers without local root access as
	144	soon as it is reloaded in the boot sequence, and perfectly adequate for
	145	network encryption session keys.
136b7eaf MK	146	(All major Linux distributions have saved the seed file across reboots
136b7eaf MK	147	since 2000 at least.)
e7dfa844	148	Since reads from
9ed0f081	149	.I /dev/random
ff40dbb3	150	may block, users will usually want to open it in nonblocking mode
e7dfa844 MK	151	(or perform a read with timeout),
e7dfa844 MK	152	and provide some sort of user notification if the desired
9ed0f081	153	entropy is not immediately available.
2e1f8bfa	154	.\"
8eb40c9c	155	.SS Configuration
fea681da	156	If your system does not have
c13182ef	157	\fI/dev/random\fP and \fI/dev/urandom\fP created already, they
fea681da	158	can be created with the following commands:
2d444feb	159	.PP
9c40f2b9 MK	160	.in +4n
	161	.EX
	162	mknod \-m 666 /dev/random c 1 8
	163	mknod \-m 666 /dev/urandom c 1 9
	164	chown root:root /dev/random /dev/urandom
	165	.EE
	166	.in
2d444feb	167	.PP
c13182ef	168	When a Linux system starts up without much operator interaction,
fea681da	169	the entropy pool may be in a fairly predictable state.
c13182ef MK	170	This reduces the actual amount of noise in the entropy pool
	171	below the estimate.
	172	In order to counteract this effect, it helps to carry
	173	entropy pool information across shut-downs and start-ups.
3f4a2adb	174	To do this, add the lines to an appropriate script
c13182ef	175	which is run during the Linux system start-up sequence:
2d444feb	176	.PP
9c40f2b9 MK	177	.in +4n
	178	.EX
	179	echo "Initializing random number generator..."
d064d41a MK	180	random_seed=/var/run/random\-seed
d064d41a MK	181	# Carry a random seed from start\-up to start\-up
9c40f2b9 MK	182	# Load and then save the whole entropy pool
	183	if [ \-f $random_seed ]; then
	184	cat $random_seed >/dev/urandom
	185	else
	186	touch $random_seed
	187	fi
	188	chmod 600 $random_seed
	189	poolfile=/proc/sys/kernel/random/poolsize
	190	[ \-r $poolfile ] && bits=$(cat $poolfile) \|\| bits=4096
	191	bytes=$(expr $bits / 8)
	192	dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
	193	.EE
	194	.in
2d444feb	195	.PP
c13182ef	196	Also, add the following lines in an appropriate script which is
fea681da	197	run during the Linux system shutdown:
2d444feb	198	.PP
9c40f2b9 MK	199	.in +4n
9c40f2b9 MK	200	.EX
d064d41a	201	# Carry a random seed from shut\-down to start\-up
9c40f2b9 MK	202	# Save the whole entropy pool
9c40f2b9 MK	203	echo "Saving random seed..."
d064d41a	204	random_seed=/var/run/random\-seed
9c40f2b9 MK	205	touch $random_seed
	206	chmod 600 $random_seed
	207	poolfile=/proc/sys/kernel/random/poolsize
	208	[ \-r $poolfile ] && bits=$(cat $poolfile) \|\| bits=4096
	209	bytes=$(expr $bits / 8)
	210	dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
	211	.EE
	212	.in
2d444feb	213	.PP
3f4a2adb MK	214	In the above examples, we assume Linux 2.6.0 or later, where
	215	.IR /proc/sys/kernel/random/poolsize
	216	returns the size of the entropy pool in bits (see below).
388ee0f4 MK	217	.\"
388ee0f4 MK	218	.SS /proc interfaces
fea681da MK	219	The files in the directory
fea681da MK	220	.I /proc/sys/kernel/random
388ee0f4	221	(present since 2.3.16) provide additional information about the
8478ee02	222	.I /dev/random
388ee0f4 MK	223	device:
388ee0f4 MK	224	.TP
fea681da	225	.I entropy_avail
05babf32 MK	226	This read-only file gives the available entropy, in bits.
05babf32 MK	227	This will be a number in the range 0 to 4096.
388ee0f4	228	.TP
fea681da	229	.I poolsize
388ee0f4	230	This file
c13182ef	231	gives the size of the entropy pool.
da84883c MK	232	The semantics of this file vary across kernel versions:
da84883c MK	233	.RS
388ee0f4	234	.TP
da84883c MK	235	Linux 2.4:
	236	This file gives the size of the entropy pool in
	237	.IR bytes .
	238	Normally, this file will have the value 512, but it is writable,
	239	and can be changed to any value for which an algorithm is available.
	240	The choices are 32, 64, 128, 256, 512, 1024, or 2048.
	241	.TP
0f1e6153	242	Linux 2.6 and later:
da84883c MK	243	This file is read-only, and gives the size of the entropy pool in
	244	.IR bits .
	245	It contains the value 4096.
	246	.RE
388ee0f4	247	.TP
fea681da	248	.I read_wakeup_threshold
388ee0f4	249	This file
fea681da MK	250	contains the number of bits of entropy required for waking up processes
fea681da MK	251	that sleep waiting for entropy from
31e9a9ec	252	.IR /dev/random .
fea681da	253	The default is 64.
388ee0f4	254	.TP
fea681da	255	.I write_wakeup_threshold
388ee0f4	256	This file
fea681da MK	257	contains the number of bits of entropy below which we wake up
fea681da MK	258	processes that do a
5e21af3a	259	.BR select (2)
fea681da	260	or
5e21af3a	261	.BR poll (2)
fea681da	262	for write access to
31e9a9ec	263	.IR /dev/random .
fea681da	264	These values can be changed by writing to the files.
388ee0f4 MK	265	.TP
	266	.IR uuid " and " boot_id
	267	These read-only files
fea681da MK	268	contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9.
	269	The former is generated afresh for each read, the latter was
	270	generated once.
388ee0f4	271	.\"
5a933be0 EDB	272	.SS ioctl(2) interface
	273	The following
	274	.BR ioctl (2)
	275	requests are defined on file descriptors connected to either \fI/dev/random\fP
ece967c9 MK	276	or \fI/dev/urandom\fP.
ece967c9 MK	277	All requests performed will interact with the input
5a933be0 EDB	278	entropy pool impacting both \fI/dev/random\fP and \fI/dev/urandom\fP.
	279	The
	280	.B CAP_SYS_ADMIN
	281	capability is required for all requests except
ece967c9	282	.BR RNDGETENTCNT .
5a933be0 EDB	283	.TP
	284	.BR RNDGETENTCNT
	285	Retrieve the entropy count of the input pool, the contents will be the same
	286	as the
	287	.I entropy_avail
	288	file under proc.
	289	The result will be stored in the int pointed to by the argument.
	290	.TP
	291	.BR RNDADDTOENTCNT
ece967c9 MK	292	Increment or decrement the entropy count of the input pool
ece967c9 MK	293	by the value pointed to by the argument.
5a933be0 EDB	294	.TP
	295	.BR RNDGETPOOL
	296	Removed in Linux 2.6.9.
	297	.TP
	298	.BR RNDADDENTROPY
ece967c9 MK	299	Add some additional entropy to the input pool,
	300	incrementing the entropy count.
	301	This differs from writing to \fI/dev/random\fP or \fI/dev/urandom\fP,
	302	which only adds some
	303	data but does not increment the entropy count.
	304	The following structure is used:
5a933be0	305	.IP
010c75a2 MK	306	.in +4n
	307	.EX
	308	struct rand_pool_info {
	309	int entropy_count;
	310	int buf_size;
	311	__u32 buf[0];
	312	};
	313	.EE
	314	.in
5a933be0 EDB	315	.IP
	316	Here
	317	.I entropy_count
988bd008	318	is the value added to (or subtracted from) the entropy count, and
5a933be0 EDB	319	.I buf
	320	is the buffer of size
	321	.I buf_size
	322	which gets added to the entropy pool.
	323	.TP
	324	.BR RNDZAPENTCNT ", " RNDCLEARPOOL
	325	Zero the entropy count of all pools and add some system data (such as
	326	wall clock) to the pools.
f2910c72	327	.SH FILES
323e1feb	328	.I /dev/random
f2910c72	329	.br
323e1feb	330	.I /dev/urandom
379df7a0 MK	331	.SH NOTES
	332	For an overview and comparison of the various interfaces that
	333	can be used to obtain randomness, see
	334	.BR random (7).
f64f220c	335	.SH BUGS
debb291e	336	During early boot time, reads from
f64f220c MK	337	.I /dev/urandom
f64f220c MK	338	may return data prior to the entropy pool being initialized.
dc919d09 MK	339	.\" .SH AUTHOR
	340	.\" The kernel's random number generator was written by
	341	.\" Theodore Ts'o (tytso@athena.mit.edu).
47297adb	342	.SH SEE ALSO
59732c2a	343	.BR mknod (1),
379df7a0 MK	344	.BR getrandom (2),
379df7a0 MK	345	.BR random (7)
2d444feb	346	.PP
331da7c3	347	RFC\ 1750, "Randomness Recommendations for Security"