]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com) |
2 | .\" | |
3 | .\" This is free documentation; you can redistribute it and/or | |
4 | .\" modify it under the terms of the GNU General Public License as | |
5 | .\" published by the Free Software Foundation; either version 2 of | |
6 | .\" the License, or (at your option) any later version. | |
7 | .\" | |
8 | .\" Some changes by tytso and aeb. | |
9 | .\" | |
8deb0f0d | 10 | .\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts |
704a18f0 | 11 | .\" 2004-04-08, AEB, Improved description of read from /dev/urandom |
8deb0f0d | 12 | .\" |
fea681da MK |
13 | .TH RANDOM 4 2003-10-25 "Linux" "Linux Programmer's Manual" |
14 | .SH NAME | |
15 | random, urandom \- kernel random number source devices | |
16 | .SH DESCRIPTION | |
c13182ef | 17 | The character special files \fI/dev/random\fP and |
8478ee02 | 18 | \fI/dev/urandom\fP (present since Linux 1.3.30) |
c13182ef MK |
19 | provide an interface to the kernel's random number generator. |
20 | File \fI/dev/random\fP has major device number 1 | |
21 | and minor device number 8. | |
22 | File \fI/dev/urandom\fP has major device number 1 and minor device number 9. | |
fea681da | 23 | .LP |
c13182ef MK |
24 | The random number generator gathers environmental noise |
25 | from device drivers and other sources into an entropy pool. | |
26 | The generator also keeps an estimate of the | |
fea681da MK |
27 | number of bits of noise in the entropy pool. |
28 | From this entropy pool random numbers are created. | |
c13182ef MK |
29 | .LP |
30 | When read, the \fI/dev/random\fP device will only return random bytes | |
31 | within the estimated number of bits of noise in the entropy | |
be7fff26 MK |
32 | pool. |
33 | \fI/dev/random\fP should be suitable for uses that need very | |
c13182ef MK |
34 | high quality randomness such as one-time pad or key generation. |
35 | When the entropy pool is empty, reads from \fI/dev/random\fP will block | |
fea681da | 36 | until additional environmental noise is gathered. |
c13182ef | 37 | .LP |
8478ee02 | 38 | A read from the \fI/dev/urandom\fP device will not block |
c892f4ca MK |
39 | waiting for more entropy. |
40 | As a result, if there is not sufficient entropy in the | |
fea681da | 41 | entropy pool, the returned values are theoretically vulnerable to a |
c13182ef MK |
42 | cryptographic attack on the algorithms used by the driver. |
43 | Knowledge of how to do this is not available in the current non-classified | |
fea681da | 44 | literature, but it is theoretically possible that such an attack may |
c13182ef MK |
45 | exist. |
46 | If this is a concern in your application, use \fI/dev/random\fP | |
fea681da | 47 | instead. |
35490a1f | 48 | .SH CONFIGURATION |
fea681da | 49 | If your system does not have |
c13182ef | 50 | \fI/dev/random\fP and \fI/dev/urandom\fP created already, they |
fea681da MK |
51 | can be created with the following commands: |
52 | ||
53 | .nf | |
7295b7ed MK |
54 | mknod \-m 644 /dev/random c 1 8 |
55 | mknod \-m 644 /dev/urandom c 1 9 | |
56 | chown root:root /dev/random /dev/urandom | |
fea681da | 57 | .fi |
c13182ef MK |
58 | |
59 | When a Linux system starts up without much operator interaction, | |
fea681da | 60 | the entropy pool may be in a fairly predictable state. |
c13182ef MK |
61 | This reduces the actual amount of noise in the entropy pool |
62 | below the estimate. | |
63 | In order to counteract this effect, it helps to carry | |
64 | entropy pool information across shut-downs and start-ups. | |
65 | To do this, add the following lines to an appropriate script | |
66 | which is run during the Linux system start-up sequence: | |
fea681da MK |
67 | |
68 | .nf | |
7295b7ed MK |
69 | echo "Initializing random number generator..." |
70 | random_seed=/var/run/random-seed | |
71 | # Carry a random seed from start-up to start-up | |
72 | # Load and then save the whole entropy pool | |
73 | if [ \-f $random_seed ]; then | |
74 | cat $random_seed >/dev/urandom | |
75 | else | |
76 | touch $random_seed | |
77 | fi | |
78 | chmod 600 $random_seed | |
79 | poolfile=/proc/sys/kernel/random/poolsize | |
80 | [ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512 | |
81 | dd if=/dev/urandom of=$random_seed count=1 bs=$bytes | |
fea681da MK |
82 | .fi |
83 | ||
c13182ef | 84 | Also, add the following lines in an appropriate script which is |
fea681da | 85 | run during the Linux system shutdown: |
c13182ef | 86 | |
fea681da | 87 | .nf |
7295b7ed MK |
88 | # Carry a random seed from shut-down to start-up |
89 | # Save the whole entropy pool | |
90 | echo "Saving random seed..." | |
91 | random_seed=/var/run/random-seed | |
92 | touch $random_seed | |
93 | chmod 600 $random_seed | |
94 | poolfile=/proc/sys/kernel/random/poolsize | |
95 | [ \-r $poolfile ] && bytes=`cat $poolfile` || bytes=512 | |
96 | dd if=/dev/urandom of=$random_seed count=1 bs=$bytes | |
fea681da MK |
97 | .fi |
98 | .SH "PROC INTERFACE" | |
99 | The files in the directory | |
100 | .I /proc/sys/kernel/random | |
101 | (present since 2.3.16) provide an additional interface to the | |
8478ee02 | 102 | .I /dev/random |
fea681da MK |
103 | device. |
104 | .LP | |
105 | The read-only file | |
106 | .I entropy_avail | |
c13182ef MK |
107 | gives the available entropy. |
108 | Normally, this will be 4096 (bits), | |
fea681da MK |
109 | a full entropy pool. |
110 | .LP | |
111 | The file | |
112 | .I poolsize | |
c13182ef MK |
113 | gives the size of the entropy pool. |
114 | Normally, this will be 512 (bytes). | |
fea681da MK |
115 | It can be changed to any value for which an algorithm is available. |
116 | Currently the choices are 32, 64, 128, 256, 512, 1024, 2048. | |
117 | .LP | |
118 | The file | |
119 | .I read_wakeup_threshold | |
120 | contains the number of bits of entropy required for waking up processes | |
121 | that sleep waiting for entropy from | |
31e9a9ec | 122 | .IR /dev/random . |
fea681da MK |
123 | The default is 64. |
124 | The file | |
125 | .I write_wakeup_threshold | |
126 | contains the number of bits of entropy below which we wake up | |
127 | processes that do a | |
5e21af3a | 128 | .BR select (2) |
fea681da | 129 | or |
5e21af3a | 130 | .BR poll (2) |
fea681da | 131 | for write access to |
31e9a9ec | 132 | .IR /dev/random . |
fea681da MK |
133 | These values can be changed by writing to the files. |
134 | .LP | |
135 | The read-only files | |
136 | .I uuid | |
137 | and | |
138 | .I boot_id | |
139 | contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. | |
140 | The former is generated afresh for each read, the latter was | |
141 | generated once. | |
142 | .SH FILES | |
143 | /dev/random | |
144 | .br | |
145 | /dev/urandom | |
dc919d09 MK |
146 | .\" .SH AUTHOR |
147 | .\" The kernel's random number generator was written by | |
148 | .\" Theodore Ts'o (tytso@athena.mit.edu). | |
fea681da MK |
149 | .SH "SEE ALSO" |
150 | mknod (1) | |
151 | .br | |
331da7c3 | 152 | RFC\ 1750, "Randomness Recommendations for Security" |