random(7)random(7)NAME
random, urandom, rng - strong random number generator
SYNOPSISDESCRIPTION
The character special files and provide an interface to the kernel-res‐
ident random number generator, A from is potentially blocking. A from
is always nonblocking. Data from can potentially have lower entropy
than data from
The module is a dynamically loadable kernel module (DLKM). That is, it
can be dynamically unconfigured or reconfigured by an administrator
with root authority without rebooting the system.
A sequence from has unlimited entropy. In contrast, a sequence gener‐
ated computationally by a pseudorandom number generator, such as ran‐
dom(3M), has limited entropy, derived only from its initial seed. The
module should be considered a quality source for randomness. It has
passed extensive statistical testing, including the NIST (National
Institute of Standards and Technology) tests for randomness.
The module uses the uncertainty in completion times of interrupt
threads triggered by external events. The module extracts a sequence
of bits from the interrupt time stamps. Any existing bit bias is
removed to yield a sequence with uniform distribution of 0's and 1's.
The resulting sequence is divided between the holding buffers for the
special files and For each on and data is retrieved from the corre‐
sponding holding buffer. A hash function based on AES (Advanced
Encryption Standard) is applied and the result is placed in the buffer
provided by the user. All requests on the holding buffers are serial‐
ized to ensure that returned random data is not shared between differ‐
ent requests even for simultaneous requests on a multiprocessor system.
There is no function associated with either or and both devices are
read-only by all users. A single is defined for to facilitate indepen‐
dent verification of production.
The file contains the following definitions:
/* The maximum request size, for read() or ioctl(), in bytes */
#define RNG_READMAX 256
/* ioctl() to retrieve data from the entropy collector directly*/
#define RNG_GETRAW _IOR('Q', 0, uint8_t[RNG_READMAX])
If a request is for more than RNG_READMAX bytes, it is treated as if it
was for exactly bytes. This holds for both and
Specific Information About /dev/random
When there are a large number of requests on within a short time inter‐
val, the demand on the holding buffer can exceed the rate at which data
is supplied by A on the device blocks the requesting thread if the ran‐
dom data stored in the holding buffer is too low to complete the
request. The thread blocks until the holding buffer has been updated
with enough random data to complete the request.
For flags, only and have device-specific actions. If neither of these
flags is set, a on will block until the amount of data requested, up to
bytes, can be returned. When the requested number of bytes is not
available and either of the above flags are set, returns immediately.
If the flag is set, returns -1 and errno is set to If is not set and is
set, returns zero.
The permits an application with superuser privilege to fetch bytes of
data directly from the holding buffer, after bias has been removed but
before the AES hash. This interface is not intended to be used for
cryptographic applications, rather, for statistical testing of the ran‐
domness of the data in the holding buffer. This blocks for the same
reason as a read on If the requesting thread does not have superuser
authority, is returned.
Specific Information About /dev/urandom
To address the limited random data collection rate problem, the device
is strictly nonblocking. The holding buffer is regularly updated with
random data, yet a high number of reads can decrease the entropy in its
holding buffer. Under this conditions, the entropy of the data from
will be slightly lower that the one from yet can still be considered a
good source of random numbers.
There are no flags that result in device-specific actions with
ERRORS
For was set when was opened, and there is insufficient con‐
tent in the holding buffer to complete the request.
For the the requesting thread did not have superuser authority.
AUTHOR
The random number generator was developed by HP.
For bias removal, the generator uses an algorithm by Dr. Yuval Perez,
University of California.
The secure hashing uses an AES implementation provided by Dr. Brian
Gladman, UK.
The NIST statistical tests are available at
FILESSEE ALSOrandom(3M).
random(7)