Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
RANDOM(4)	       FreeBSD Kernel Interfaces Manual		     RANDOM(4)

NAME
     random -- the entropy device

DESCRIPTION
     The random	device accepts and reads data as any ordinary (and willing)
     file, but throws away any data written to it, and returns an endless sup-
     ply of random bytes when read.

     The only purpose of writing data to random	is to perturb the internal
     state.  This perturbation of the internal state is	the only userland
     method of introducing extra entropy into the device.  If the writer has
     superuser privilege, then closing the device after	writing	will make the
     internal generator	reseed itself.	This can be used for extra security,
     as	it immediately introduces any/all new entropy into the PRNG.  The
     random device can be controlled with sysctl(8).

     To	see the	devices' current settings, use the command line:

	   sysctl kern.random

     which results in something	like:

	   kern.random.sys.seeded: 1
	   kern.random.sys.burst: 20
	   kern.random.sys.harvest.ethernet: 0
	   kern.random.sys.harvest.point_to_point: 0
	   kern.random.sys.harvest.interrupt: 0
	   kern.random.yarrow.gengateinterval: 10
	   kern.random.yarrow.bins: 10
	   kern.random.yarrow.fastthresh: 100
	   kern.random.yarrow.slowthresh: 160
	   kern.random.yarrow.slowoverthresh: 2

     All settings are read/write.

     The kern.random.sys.seeded	variable indicates whether or not the random
     device is in an acceptably	secure state as	a result of reseeding.	If set
     to	0, the device will block (on read) until the next reseed (which	can be
     from an explicit write, or	as a result of entropy harvesting).  A reseed
     will set the value	to 1 (non-blocking).

     The kern.random.sys.burst variable	instructs the kernel thread that pro-
     cesses the	harvest	queue to tsleep(9) briefly after that many events have
     been processed.  This helps prevent the random device from	being so com-
     pute-bound	that it	takes over all processing ability.  A value of zero
     (0) is treated as infinity, and will only allow the kernel	to pause if
     the queue is empty.  Only values in the range [0..20] are accepted.

     The kern.random.sys.harvest.ethernet variable is used to select LAN traf-
     fic as an entropy source.	A zero (0) value means that LAN	traffic	is not
     considered	as an entropy source.  Set the variable	to one (1) if you wish
     to	use LAN	traffic	for entropy harvesting.

     The kern.random.sys.harvest.point_to_point	variable is used to select
     serial line traffic as an entropy source.	(Serial	line traffic includes
     PPP, SLIP and all tun0 traffic.)  A zero (0) value	means such traffic is
     not considered as an entropy source.  Set the variable to one (1) if you
     wish to use it for	entropy	harvesting.

     The kern.random.sys.harvest.interrupt variable is used to select hardware
     interrupts	as an entropy source.  A zero (0) value	means interrupts are
     not considered as an entropy source.  Set the variable to one (1) if you
     wish to use them for entropy harvesting.  All interrupt harvesting	is
     setup by the individual device drivers.

     The other variables are explained in the paper describing the Yarrow
     algorithm at http://www.counterpane.com/yarrow.html.

     These variables are all limited in	terms of the values they may contain:
	   kern.random.yarrow.gengateinterval  [4..64]
	   kern.random.yarrow.bins	       [2..16]
	   kern.random.yarrow.fastthresh       [64..256]
	   kern.random.yarrow.slowthresh       [64..256]
	   kern.random.yarrow.slowoverthresh   [1..5]

     Internal sysctl(3)	handlers force the above variables into	the stated
     ranges.

FILES
     /dev/random

SEE ALSO
     sysctl(8)

HISTORY
     A random device appeared in FreeBSD 2.2.  The early version was taken
     from Theodore Ts'o's entropy driver for Linux.  The current implementa-
     tion, introduced in FreeBSD 5.0, is a complete rewrite by Mark R V
     Murray, and is an implementation of the Yarrow algorithm by Bruce
     Schneier, et al.

FreeBSD	9.2		       February	10, 2001		   FreeBSD 9.2

NAME | DESCRIPTION | FILES | SEE ALSO | HISTORY

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=random&sektion=4&manpath=FreeBSD+5.0-RELEASE>

home | help