/dev/random

from Wikipedia, the free encyclopedia

/dev/random is a character-oriented virtual device file on many Unix-like operating systems through which programs can access a high-quality, system-wide random number generator. Because cryptographic services, and thus random numbers, play an important role in network-oriented systems such as Unix, this file and the driver behind it are very important.

The random number generator collects ambient noise from device drivers and other sources in an entropy "pool". The generator also stores an estimate of the number of bits of entropy in the pool. The random numbers are generated from this pool. When read, /dev/random returns random numbers only until the estimated amount of entropy is exhausted; further reads from /dev/random then block until additional ambient noise has been collected. /dev/random should be sufficient for applications that rely on a very high quality of randomness, such as encryption (e.g. one-time pads or key generation). For reasons of speed, in practice often only the seed of a pseudo-random number generator is read from /dev/random (e.g. in OpenSSL, PGP and GnuPG).

Under Linux, the current fill level of the entropy pool can be read from the file /proc/sys/kernel/random/entropy_avail. Reading the file returns the available entropy in bits; the maximum of 4096 bits corresponds to a completely filled pool.
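The following Python sketch is an added example, not part of the original article: it reads the fill level from entropy_avail and gathers seed material from /dev/random with non-blocking reads, so the point where an ordinary read would block becomes visible as a short result. The function names pool_fill and collect_seed are hypothetical; the path and the 4096-bit maximum are taken from the text above.

```python
import os

# Path and pool size as given on this page (Linux only).
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOL_BITS = 4096


def pool_fill(avail_path=ENTROPY_AVAIL, pool_bits=POOL_BITS):
    """Return (estimated_bits, fill_fraction) from the kernel's entropy estimate."""
    with open(avail_path) as fh:
        bits = int(fh.read().strip())
    return bits, min(bits / pool_bits, 1.0)


def collect_seed(nbytes, device="/dev/random"):
    """Gather up to nbytes of PRNG seed material without ever blocking.

    Returns (seed, complete). complete is False when the device had no more
    data to give, i.e. where an ordinary blocking read would have stalled.
    """
    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    seed = b""
    try:
        while len(seed) < nbytes:
            try:
                chunk = os.read(fd, nbytes - len(seed))
            except BlockingIOError:
                break  # EAGAIN: entropy estimate exhausted
            if not chunk:
                break  # EOF, only possible on a non-device stand-in
            seed += chunk
    finally:
        os.close(fd)
    return seed, len(seed) == nbytes


if __name__ == "__main__":
    bits, fraction = pool_fill()
    print(f"entropy_avail: {bits} bits ({fraction:.0%} of {POOL_BITS})")
    seed, complete = collect_seed(32)
    if complete:
        print("got a full 32-byte seed from /dev/random")
    else:
        # Caller decides: wait and retry, or accept /dev/urandom's weaker guarantee.
        print(f"/dev/random ran dry after {len(seed)} bytes")
```

On recent Linux kernels /dev/random blocks only until the generator has been initialized once, so the short-read branch is mostly seen on older systems or early in boot.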

/dev/urandom

Random numbers can be read from /dev/urandom (from "unlimited random(ness)") just as from /dev/random. In contrast to the latter, however, it does not block when the entropy falls below a defined threshold. In that case it could theoretically be possible for an attacker to calculate the generated pseudo-random numbers afterwards.

Standardization

/dev/random (as well as /dev/urandom) is not specified in the Filesystem Hierarchy Standard 2.3 or in the Single UNIX Specification 3.0.

Implementations

/dev/random has been part of the kernel under Solaris since Solaris 9 (2002). The Linux kernel has provided a /dev/random device since at least 2002. FreeBSD uses a generator based on the Yarrow algorithm; /dev/random has been supported there since June 2000 (FreeBSD 2.2). AIX offers both /dev/random and /dev/urandom and has also been using a Yarrow implementation since AIX 5.2.

Improvement in entropy

Software such as timer_entropyd, haveged or randomsound can improve the entropy or enlarge the entropy pool, so that more random numbers are available. With the GNU software rng-tools, physical random number generators can be integrated under Linux and similar operating systems.
