'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH RANDOM 7D "Sep 1, 2008"
.SH NAME
random, urandom \- Strong random number generator device
.SH SYNOPSIS
.LP
.nf
/dev/random
.fi
.LP
.nf
/dev/urandom
.fi
.SH DESCRIPTION
.sp
.LP
The \fB/dev/random\fR and \fB/dev/urandom\fR files are special files that are a
source for random bytes generated by the kernel random number generator device.
The \fB/dev/random\fR and \fB/dev/urandom\fR files are suitable for
applications requiring high quality random numbers for cryptographic purposes.
.sp
.LP
The generator device produces random numbers from data and devices available to
the kernel and estimates the amount of randomness (or "entropy") collected
from these sources. The entropy level determines the amount of high quality
random numbers that are produced at a given time.
.sp
.LP
Applications retrieve random bytes by reading \fB/dev/random\fR or
\fB/dev/urandom\fR. The \fB/dev/random\fR interface returns random bytes only
when a sufficient amount of entropy has been collected. If there is no entropy to
produce the requested number of bytes, \fB/dev/random\fR blocks until more
entropy can be obtained. Non-blocking I/O mode can be used to disable the
blocking behavior. The \fB/dev/random\fR interface also supports \fBpoll\fR(2).
Note that using \fBpoll\fR(2) will not increase the speed at which random
numbers can be read.
.sp
.LP
Bytes retrieved from \fB/dev/random\fR provide the highest quality random
numbers produced by the generator, and can be used to generate long term keys
and other high value keying material.
.sp
.LP
The \fB/dev/urandom\fR interface returns bytes regardless of the amount of
entropy available. It does not block on a read request due to lack of entropy.
While bytes produced by the \fB/dev/urandom\fR interface are of lower quality
than bytes produced by \fB/dev/random\fR, they are nonetheless suitable for
less demanding and shorter term cryptographic uses such as short term session
keys, paddings, and challenge strings.
.sp
.LP
Data can be written to \fB/dev/random\fR and \fB/dev/urandom\fR. Data written
to either special file is added to the generator's internal state. Data that is
difficult to predict by other users may contribute randomness to the generator
state and help improve the quality of future generated random numbers.
.sp
.LP
\fB/dev/random\fR collects entropy from providers that are registered with the
kernel-level cryptographic framework and implement random number generation
routines. The \fBcryptoadm\fR(1M) utility allows an administrator to configure
which providers will be used with \fB/dev/random\fR.
.SH ERRORS
.sp
.ne 2
.na
\fB\fBEAGAIN\fR\fR
.ad
.RS 11n
\fBO_NDELAY\fR or \fBO_NONBLOCK\fR was set and no random bytes are available
for reading from \fB/dev/random\fR.
.RE
.sp
.ne 2
.na
\fB\fBEINTR\fR\fR
.ad
.RS 11n
A signal was caught while reading and no data was transferred.
.RE
.sp
.ne 2
.na
\fB\fBENXIO\fR\fR
.ad
.RS 11n
\fBopen\fR(2) request failed on \fB/dev/random\fR because no entropy provider
is available.
.RE
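.SH EXAMPLES
.sp
.LP
The following C function is an added illustration, not part of the original manual page or of the Solaris source. It reads from a random device in non-blocking mode and handles the conditions listed under ERRORS: a short read, \fBEINTR\fR, and \fBEAGAIN\fR followed by a bounded \fBpoll\fR(2) wait. The name \fBread_random\fR, the \fBtimeout_ms\fR parameter, the character-device check and the \fBENODEV\fR, \fBETIMEDOUT\fR and \fBEIO\fR results are assumptions of the example.
.sp
.nf
```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with len bytes from a random device; 0 on success, -1 + errno. */
int read_random(const char *path, unsigned char *buf, size_t len, int timeout_ms)
{
    struct stat st;
    size_t got = 0;
    int saved, fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return (-1);            /* e.g. no entropy provider (see ERRORS) */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        (void) close(fd);       /* refuse anything but a character device */
        errno = ENODEV;
        return (-1);
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;   /* short read: keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;           /* signal caught, no data transferred */
        } else if (n < 0 && errno == EAGAIN) {
            /* No bytes available yet: bounded wait with poll(2). */
            struct pollfd pfd = { .fd = fd, .events = POLLIN };
            int r = poll(&pfd, 1, timeout_ms);
            if (r == 0)
                errno = ETIMEDOUT;
            if (r == 0 || (r < 0 && errno != EINTR))
                break;
        } else {
            errno = (n == 0) ? EIO : errno; /* 0 = unexpected end of file */
            break;
        }
    }
    saved = errno;              /* close(2) must not hide the real error */
    (void) close(fd);
    errno = saved;
    return (got == len ? 0 : -1);
}

int main(void)
{
    unsigned char key[32];      /* long-term key material: use /dev/random */
    return (read_random("/dev/random", key, sizeof (key), 5000) == 0 ? 0 : 1);
}
```
.fi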
.SH FILES
.sp
.ne 2
.na
\fB\fB/dev/random\fR\fR
.ad
.RS 16n
.RE
.sp
.ne 2
.na
\fB\fB/dev/urandom\fR\fR
.ad
.RS 16n
.RE
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
Interface Stability	Evolving
.TE
.SH SEE ALSO
.sp
.LP
\fBcryptoadm\fR(1M), \fBopen\fR(2), \fBpoll\fR(2), \fBattributes\fR(5)
.SH NOTES
.sp
.LP
\fB/dev/random\fR can be configured to use only the hardware-based providers
registered with the kernel-level cryptographic framework by disabling the
software-based provider using \fBcryptoadm\fR(1M). You can also use
\fBcryptoadm\fR(1M) to obtain the name of the software-based provider.
.sp
.LP
Because no entropy is available, disabling all randomness providers causes
\fBread\fR(2) and \fBpoll\fR(2) on \fB/dev/random\fR to block indefinitely and
results in a warning message being logged and displayed on the system console.
However, \fBread\fR(2) and \fBpoll\fR(2) on \fB/dev/urandom\fR continue to work
in this case.
.sp
.LP
An implementation of the \fB/dev/random\fR and \fB/dev/urandom\fR kernel-based
random number generator first appeared in Linux 1.3.30.
.sp
.LP
A \fB/dev/random\fR interface for Solaris first appeared as part of the
CryptoRand implementation.