random(7D)			    Devices			    random(7D)

       random, urandom - Strong random number generator device



       The /dev/random and /dev/urandom files are special files that are a
       source for random bytes generated by the kernel random number generator
       device. The /dev/random and /dev/urandom files are suitable for
       applications requiring high quality random numbers for cryptographic pur-

       The generator device produces random numbers from data and devices
       available to the kernel and estimates the amount of randomness (or
       "entropy") collected from these sources. The entropy level determines
       the amount of high quality random numbers that are produced at a given

       Applications retrieve random bytes by reading /dev/random or
       /dev/urandom. The /dev/random interface returns random bytes only when
       a sufficient amount of entropy has been collected. If there is no
       entropy to produce the requested number of bytes, /dev/random blocks
       until more entropy can be obtained. Non-blocking I/O mode can be used
       to disable the blocking behavior. The /dev/random interface also
       supports poll(2). Note that using poll(2) will not increase the speed
       at which random numbers can be read.

       Bytes retrieved from /dev/random provide the highest quality random
       numbers produced by the generator, and can be used to generate long
       term keys and other high value keying material.

       The /dev/urandom interface returns bytes regardless of the amount of
       entropy available. It does not block on a read request due to lack of
       entropy. While bytes produced by the /dev/urandom interface are of
       lower quality than bytes produced by /dev/random, they are nonetheless
       suitable for less demanding and shorter term cryptographic uses such as
       short term session keys, paddings, and challenge strings.

       Data can be written to /dev/random and /dev/urandom. Data written to
       either special file is added to the generator's internal state. Data
       that is difficult to predict by other users may contribute randomness
       to the generator state and help improve the quality of future generated
       random numbers.

       By default, write access is restricted to the super-user. An
       administrator may change the default read/write restriction by changing
       the permissions on the appropriate special files.

       /dev/random collects entropy from providers that are registered with
       the kernel-level cryptographic framework and implement random number
       generation routines. The cryptoadm(1M) utility allows an administrator
       to configure which providers will be used with /dev/random.

       EAGAIN         O_NDELAY or O_NONBLOCK was set and no random bytes are
                      available for reading from /dev/random.

       EINTR          A signal was caught while reading and no data was

       ENXIO          open(2) request failed on /dev/random because no
                      entropy provider is available.



       See attributes(5) for descriptions of the following attributes:

       | ATTRIBUTE TYPE      | ATTRIBUTE VALUE |
       | Availability        | SUNWcsr         |
       | Interface Stability | Evolving        |

       cryptoadm(1M), open(2), poll(2), attributes(5)

       /dev/random can be configured to use only the hardware-based providers
       registered with the kernel-level cryptographic framework by disabling
       the software-based provider using cryptoadm(1M). You can also use
       cryptoadm(1M) to obtain the name of the software-based provider.

       Disabling all randomness providers leaves no entropy available, which
       causes read(2) and poll(2) on /dev/random to block indefinitely and
       results in a warning message being logged and displayed on the system
       console. However, read(2) and poll(2) on /dev/urandom continue to work
       in this case.

       An implementation of the /dev/random and /dev/urandom kernel-based
       random number generator first appeared in Linux 1.3.30.

       A /dev/random interface for Solaris first appeared as part of the
       CryptoRand implementation.

SunOS 5.10			 21 June 2004			    random(7D)

