Devices random(7D)
NAME
random, urandom - Strong random number generator device
SYNOPSIS
/dev/random
/dev/urandom
DESCRIPTION
The /dev/random and /dev/urandom files are special files
that are a source for random bytes generated by the kernel
random number generator device. The /dev/random and
/dev/urandom files are suitable for applications requiring
high quality random numbers for cryptographic purposes.
The generator device produces random numbers from data and
devices available to the kernel and estimates the amount of
randomness (or "entropy") collected from these sources. The
entropy level determines the amount of high quality random
numbers that are produced at a given time.
Applications retrieve random bytes by reading /dev/random or
/dev/urandom. The /dev/random interface returns random bytes
only when a sufficient amount of entropy has been collected.
If there is no entropy to produce the requested number of
bytes, /dev/random blocks until more entropy can be
obtained. Non-blocking I/O mode can be used to disable the
blocking behavior. The /dev/random interface also supports
poll(2). Note that using poll(2) will not increase the speed
at which random numbers can be read.
Bytes retrieved from /dev/random provide the highest quality
random numbers produced by the generator, and can be used to
generate long term keys and other high value keying
material.
The /dev/urandom interface returns bytes regardless of the
amount of entropy available. It does not block on a read
request due to lack of entropy. While bytes produced by the
/dev/urandom interface are of lower quality than bytes
produced by /dev/random, they are nonetheless suitable for less
demanding and shorter term cryptographic uses such as short
term session keys, paddings, and challenge strings.
SunOS 5.11 Last change: 1 Sep 2008 1
Data can be written to /dev/random and /dev/urandom. Data
written to either special file is added to the generator's
internal state. Data that is difficult to predict by other
users may contribute randomness to the generator state and
help improve the quality of future generated random numbers.
/dev/random collects entropy from providers that are
registered with the kernel-level cryptographic framework and
implement random number generation routines. The
cryptoadm(1M) utility allows an administrator to configure
which providers will be used with /dev/random.
ERRORS
EAGAIN O_NDELAY or O_NONBLOCK was set and no random
bytes are available for reading from /dev/random.
EINTR A signal was caught while reading and no data was
transferred.
ENXIO open(2) request failed on /dev/random because no
entropy provider is available.
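The non-blocking read described under DESCRIPTION, with the error codes listed above handled explicitly, as an added example that is not part of the original manual page. The function names read_full and get_random_bytes are hypothetical, and the 5000 ms timeout is an arbitrary choice.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes from a non-blocking fd.
 * timeout_ms applies to each poll(2) wait. Returns 0, or -1 with errno set. */
static int read_full(int fd, unsigned char *buf, size_t len, int timeout_ms)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }  /* short reads are normal */
        if (n == 0) { errno = EIO; return -1; }     /* unexpected end of file */
        if (errno == EINTR) continue;               /* signal, no data moved */
        if (errno != EAGAIN) return -1;             /* genuine failure */
        /* EAGAIN: nothing to read yet, so wait until the fd is readable. */
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int r = poll(&pfd, 1, timeout_ms);
        if (r == 0) { errno = ETIMEDOUT; return -1; }
        if (r < 0 && errno != EINTR) return -1;
    }
    return 0;
}

/* Hypothetical wrapper: open path with O_NONBLOCK and read len bytes. */
int get_random_bytes(const char *path, unsigned char *buf, size_t len, int timeout_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;          /* ENXIO: no entropy provider available */
    int rc = read_full(fd, buf, len, timeout_ms);
    int saved = errno;              /* close(2) may overwrite errno */
    close(fd);
    errno = saved;
    return rc;
}

int main(void)
{
    unsigned char key[32];
    if (get_random_bytes("/dev/random", key, sizeof key, 5000) != 0) {
        perror("/dev/random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

A caller that gets ETIMEDOUT should treat it as a failure to obtain key material and not continue with a partially filled buffer.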
FILES
/dev/random
/dev/urandom
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            SUNWcsr
Interface Stability     Evolving
SEE ALSO
cryptoadm(1M), open(2), poll(2), attributes(5)
NOTES
/dev/random can be configured to use only the hardware-based
providers registered with the kernel-level cryptographic
framework by disabling the software-based provider using
cryptoadm(1M). You can also use cryptoadm(1M) to obtain the
name of the software-based provider.
Because no entropy is available, disabling all randomness
providers causes read(2) and poll(2) on /dev/random to block
indefinitely and results in a warning message being logged
and displayed on the system console. However, read(2) and
poll(2) on /dev/urandom continue to work in this case.
An implementation of the /dev/random and /dev/urandom
kernel-based random number generator first appeared in Linux
1.3.30.
A /dev/random interface for Solaris first appeared as part
of the CryptoRand implementation.