random(7) Miscellaneous Information Manual random(7)
NAME
random, urandom, rng - strong random number generator
SYNOPSIS
DESCRIPTION
The character special files /dev/random and /dev/urandom provide an interface to the kernel-resident random number generator. A read() from
/dev/random is potentially blocking. A read() from /dev/urandom is always nonblocking. Data from /dev/urandom can potentially have lower
entropy than data from /dev/random.
The module is a dynamically loadable kernel module (DLKM). That is, it can be dynamically unconfigured or reconfigured by an administrator
with root authority without rebooting the system.
A sequence from has unlimited entropy. In contrast, a sequence generated computationally by a pseudorandom number generator, such as
random(3M), has limited entropy, derived only from its initial seed. The module should be considered a quality source for randomness. It has
passed extensive statistical testing, including the NIST (National Institute of Standards and Technology) tests for randomness.
The module uses the uncertainty in completion times of interrupt threads triggered by external events. The module extracts a sequence of
bits from the interrupt time stamps. Any existing bit bias is removed to yield a sequence with uniform distribution of 0's and 1's. The
resulting sequence is divided between the holding buffers for the special files /dev/random and /dev/urandom. For each read() on /dev/random
and /dev/urandom, data is retrieved from the corresponding holding buffer. A hash function based on AES (Advanced Encryption Standard) is
applied and the result is placed in the buffer provided
by the user. All requests on the holding buffers are serialized to ensure that returned random data is not shared between different
requests even for simultaneous requests on a multiprocessor system.
There is no write() function associated with either /dev/random or /dev/urandom, and both devices are read-only by all users. A single
ioctl() is defined for /dev/random to facilitate independent verification of production.
The file contains the following definitions:
/* The maximum request size, for read() or ioctl(), in bytes */
#define RNG_READMAX 256
/* ioctl() to retrieve data from the entropy collector directly*/
#define RNG_GETRAW _IOR('Q', 0, uint8_t[RNG_READMAX])
If a request is for more than RNG_READMAX bytes, it is treated as if it was for exactly RNG_READMAX bytes. This holds for both read() and ioctl().
Specific Information About /dev/random
When there are a large number of requests on /dev/random within a short time interval, the demand on the holding buffer can exceed the rate at
which data is supplied. A read() on the device blocks the requesting thread if the random data stored in the holding buffer is too low to complete the
request. The thread blocks until the holding buffer has been updated with enough random data to complete the request.
For flags, only and have device-specific actions. If neither of these flags is set, a read() on /dev/random will block until the amount of
data requested, up to RNG_READMAX bytes, can be returned. When the requested number of bytes is not available and either of the above flags
is set, read() returns immediately. If the flag is set, read() returns -1 and errno is set to If is not set and is set, read() returns zero.
The RNG_GETRAW ioctl() permits an application with superuser privilege to fetch bytes of data directly from the holding buffer, after bias
has been removed but before the AES hash. This interface is not intended to be used for cryptographic applications, but rather for
statistical testing of the randomness of the data in the holding buffer. This ioctl() blocks for the same reason as a read() on /dev/random.
If the requesting thread does not have superuser authority, is returned.
Specific Information About /dev/urandom
To address the limited random data collection rate problem, the /dev/urandom device is strictly nonblocking. The holding buffer is regularly
updated with random data, yet a high number of reads can decrease the entropy in its holding buffer. Under these conditions, the entropy of
the data from /dev/urandom will be slightly lower than that of the data from /dev/random, yet it can still be considered a good source of
random numbers.
There are no flags that result in device-specific actions with /dev/urandom.
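Added example (not part of the original manual page): because a request for more than RNG_READMAX bytes is treated as a request for exactly RNG_READMAX bytes, a caller that needs more random data must loop and check every return value instead of trusting one read(). The function name rng_read_full is hypothetical, and EINTR and EAGAIN are the standard POSIX errno names, assumed here because the errno names are missing from this copy of the page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef RNG_READMAX
#define RNG_READMAX 256            /* value quoted on this page */
#endif

/* Fill buf with exactly len bytes from fd. Returns 0 on success, -1 on
 * failure with errno set. Never reports success for a partly filled buffer. */
int rng_read_full(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;

    while (got < len) {
        size_t want = len - got;
        if (want > RNG_READMAX)
            want = RNG_READMAX;    /* a larger request is truncated anyway */

        ssize_t n = read(fd, buf + got, want);
        if (n > 0) {
            got += (size_t)n;      /* short read: keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;              /* interrupted by a signal, retry */
        } else {
            if (n == 0)
                errno = EAGAIN;    /* assumption: report "no data" as EAGAIN */
            return -1;             /* caller must not use buf */
        }
    }
    return 0;
}

int main(void)
{
    unsigned char key[1024];       /* needs four capped reads on this driver */
    int fd = open("/dev/urandom", O_RDONLY);

    if (fd < 0 || rng_read_full(fd, key, sizeof key) != 0) {
        perror("random data");
        return 1;
    }
    close(fd);
    printf("read %zu random bytes\n", sizeof key);
    return 0;
}
```

On a descriptor opened with one of the nonblocking flags described above, the function fails rather than waiting, so the caller decides whether to retry or to fall back to the other device.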
ERRORS
For was set when was opened, and there is insufficient content in the holding buffer to complete the request.
For the ioctl(), the requesting thread did not have superuser authority.
AUTHOR
The random number generator was developed by HP.
For bias removal, the generator uses an algorithm by Dr. Yuval Perez, University of California.
The secure hashing uses an AES implementation provided by Dr. Brian Gladman, UK.
The NIST statistical tests are available at
FILES
SEE ALSO
random(3M).
random(7)