
rngd(8) [centos man page]

RNGD(8) 						      System Manager's Manual							   RNGD(8)

NAME
       rngd - Check and feed random data from hardware device to kernel random device

SYNOPSIS
       rngd [-b, --background] [-f, --foreground] [-i, --ignorefail] [-o, --random-device=file] [-p, --pid-file=file] [-r, --rng-device=file] [-s, --random-step=nnn] [-W, --fill-watermark=nnn] [-d, --no-drng=1|0] [-n, --no-tpm=1|0] [-q, --quiet] [-v, --verbose] [-?, --help] [-V, --version]

DESCRIPTION
       This daemon feeds data from a random number generator to the kernel's random number entropy pool, after first checking the data to ensure that it is properly random.

       The -f or --foreground options can be used to tell rngd to avoid forking on startup. This is typically used for debugging. The -b or --background options, which fork and put rngd into the background automatically, are the default.

       The -r or --rng-device options can be used to select an alternate source of input, besides the default /dev/hwrandom. The -o or --random-device options can be used to select an alternate entropy output device, besides the default /dev/random. Note that this device must support the Linux kernel /dev/random ioctl API.

       FIXME: document random-step and timeout

OPTIONS
       -b, --background
              Become a daemon (default)

       -f, --foreground
              Do not fork and become a daemon

       -p file, --pid-file=file
              File used for recording daemon PID, and multiple exclusion (default: /var/run/rngd.pid)

       -i, --ignorefail
              Ignore repeated fips failures

       -o file, --random-device=file
              Kernel device used for random number output (default: /dev/random)

       -r file, --rng-device=file
              Kernel device used for random number input (default: /dev/hwrandom)

       -s nnn, --random-step=nnn
              Number of bytes written to random-device at a time (default: 64)

       -W n, --fill-watermark=nnn
              Once we start doing it, feed entropy to random-device until at least fill-watermark bits of entropy are available in its entropy pool (default: 2048). Setting this too high will cause rngd to dominate the contents of the entropy pool. Low values will hurt system performance during entropy starves. Do not set fill-watermark above the size of the entropy pool (usually 4096 bits).

       -d 1|0, --no-drng=1|0
              Do not use drng as a source of random number input (default:0)

       -n 1|0, --no-tpm=1|0
              Do not use tpm as a source of random number input (default:0)

       -q, --quiet
              Suppress error messages

       -v, --verbose
              Report available entropy sources

       -?, --help
              Give a short summary of all program options.

       -V, --version
              Print program version

AUTHORS
       Philipp Rumpf
       Jeff Garzik - jgarzik@pobox.com
       Matt Sottek
       Brad Hill

rng-tools 4 March 2001                                                     RNGD(8)
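
The DESCRIPTION says rngd checks data before feeding it to the kernel, and -i mentions fips failures, but the page does not list the checks. The following added example (not code from rng-tools) assumes they are the FIPS 140-2 statistical tests on 20,000-bit blocks and implements three of them: monobit, poker and long run. The function names and the sample pattern are constructed for illustration.

```c
#include <stddef.h>

#define FIPS_BLOCK_BYTES  2500   /* one test block = 20,000 bits */
#define FIPS_FAIL_MONOBIT 0x1
#define FIPS_FAIL_POKER   0x2
#define FIPS_FAIL_LONGRUN 0x4

/* Returns 0 if the block passes, otherwise a mask of the failed tests. */
int fips_check(const unsigned char *buf)
{
    unsigned long ones = 0, nib[16] = {0}, sumsq = 0, run = 0, longest = 0;
    int last = -1, fail = 0;

    for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++) {
        nib[buf[i] >> 4]++;               /* 4-bit symbol counts for poker */
        nib[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned long)bit;
            run = (bit == last) ? run + 1 : 1;
            if (run > longest) longest = run;
            last = bit;
        }
    }
    /* Monobit: the number of one bits X must satisfy 9725 < X < 10275. */
    if (ones <= 9725 || ones >= 10275) fail |= FIPS_FAIL_MONOBIT;
    /* Poker: X = (16/5000) * sum f(i)^2 - 5000 must satisfy 2.16 < X < 46.17,
       which in integers is 1563175 < sum f(i)^2 < 1576929. */
    for (int i = 0; i < 16; i++) sumsq += nib[i] * nib[i];
    if (sumsq <= 1563175 || sumsq >= 1576929) fail |= FIPS_FAIL_POKER;
    /* Long run: any run of 26 or more identical bits fails. */
    if (longest >= 26) fail |= FIPS_FAIL_LONGRUN;
    return fail;
}

/* Constructed sample input: bytes (h << 4) | (15 - h), h = (i % period) % 16.
   Every byte has four one bits, so only the nibble distribution varies. */
int check_pattern(unsigned period)
{
    static unsigned char buf[FIPS_BLOCK_BYTES];
    for (size_t i = 0; i < FIPS_BLOCK_BYTES; i++) {
        unsigned h = (unsigned)(i % period) % 16;
        buf[i] = (unsigned char)((h << 4) | (15 - h));
    }
    return fips_check(buf);
}
```

check_pattern(50) is fully predictable yet passes all three checks, while check_pattern(16) fails the poker test for being too uniform. These tests catch stuck or broken sources, not predictable ones.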


random(7D)							      Devices								random(7D)

NAME
       random, urandom - Strong random number generator device

SYNOPSIS
       /dev/random
       /dev/urandom

DESCRIPTION
       The /dev/random and /dev/urandom files are special files that are a source for random bytes generated by the kernel random number generator device. The /dev/random and /dev/urandom files are suitable for applications requiring high quality random numbers for cryptographic purposes.

       The generator device produces random numbers from data and devices available to the kernel and estimates the amount of randomness (or "entropy") collected from these sources. The entropy level determines the amount of high quality random numbers that are produced at a given time.

       Applications retrieve random bytes by reading /dev/random or /dev/urandom. The /dev/random interface returns random bytes only when sufficient amount of entropy has been collected. If there is no entropy to produce the requested number of bytes, /dev/random blocks until more entropy can be obtained. Non-blocking I/O mode can be used to disable the blocking behavior. The /dev/random interface also supports poll(2). Note that using poll(2) will not increase the speed at which random numbers can be read.

       Bytes retrieved from /dev/random provide the highest quality random numbers produced by the generator, and can be used to generate long term keys and other high value keying material.

       The /dev/urandom interface returns bytes regardless of the amount of entropy available. It does not block on a read request due to lack of entropy. While bytes produced by the /dev/urandom interface are of lower quality than bytes produced by /dev/random, they are nonetheless suitable for less demanding and shorter term cryptographic uses such as short term session keys, paddings, and challenge strings.

       Data can be written to /dev/random and /dev/urandom. Data written to either special file is added to the generator's internal state. Data that is difficult to predict by other users may contribute randomness to the generator state and help improve the quality of future generated random numbers.

       /dev/random collects entropy from providers that are registered with the kernel-level cryptographic framework and implement random number generation routines. The cryptoadm(1M) utility allows an administrator to configure which providers will be used with /dev/random.

ERRORS
       EAGAIN    O_NDELAY or O_NONBLOCK was set and no random bytes are available for reading from /dev/random.

       EINTR     A signal was caught while reading and no data was transferred.

       ENXIO     open(2) request failed on /dev/random because no entropy provider is available.

FILES
       /dev/random
       /dev/urandom

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsr                      |
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

SEE ALSO
       cryptoadm(1M), open(2), poll(2), attributes(5)

NOTES
       /dev/random can be configured to use only the hardware-based providers registered with the kernel-level cryptographic framework by disabling the software-based provider using cryptoadm(1M). You can also use cryptoadm(1M) to obtain the name of the software-based provider.

       Because no entropy is available, disabling all randomness providers causes read(2) and poll(2) on /dev/random to block indefinitely and results in a warning message being logged and displayed on the system console. However, read(2) and poll(2) on /dev/urandom continue to work in this case.

       An implementation of the /dev/random and /dev/urandom kernel-based random number generator first appeared in Linux 1.3.30.

       A /dev/random interface for Solaris first appeared as part of the CryptoRand implementation.

SunOS 5.11                         1 Sep 2008                         random(7D)
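
The non-blocking mode and the ERRORS list above translate into the following read loop. This is an added example, not part of the man page; the function name and the RND_* return codes are hypothetical, and ENXIO is the errno constant for the "no entropy provider" open failure.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>

#define RND_OK          0   /* buffer completely filled */
#define RND_WOULD_BLOCK 1   /* EAGAIN: no random bytes available right now */
#define RND_NO_PROVIDER 2   /* ENXIO from open(2): no entropy provider */
#define RND_ERROR       3   /* any other failure */

/* Fill buf with len bytes from the device at path without ever blocking.
   *got receives the number of bytes actually stored, so a caller that gets
   RND_WOULD_BLOCK knows how much is still missing and must not use the
   unfilled tail as key material. */
int read_random_nonblock(const char *path, unsigned char *buf,
                         size_t len, size_t *got)
{
    int fd, rc = RND_OK;

    *got = 0;
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return errno == ENXIO ? RND_NO_PROVIDER : RND_ERROR;

    while (*got < len) {
        ssize_t n = read(fd, buf + *got, len - *got);
        if (n > 0) {                      /* short reads are normal: keep going */
            *got += (size_t)n;
        } else if (n < 0 && errno == EINTR) {
            continue;                     /* signal, no data transferred: retry */
        } else if (n < 0 && errno == EAGAIN) {
            rc = RND_WOULD_BLOCK;         /* pool empty: report, do not spin */
            break;
        } else {
            rc = RND_ERROR;               /* end of file or unexpected errno */
            break;
        }
    }
    close(fd);
    return rc;
}
```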
