/ dev / random
/dev/random
is a character-oriented virtual device file under many Unix-like operating systems , through which programs can access a system-wide random number generator of high quality. Since cryptography services and thus random numbers play an important role for network-oriented systems such as Unix , this file and the driver behind it are very important.
The random number generator collects ambient noise from device drivers and other sources in an entropy "pool" . The generator also stores an estimate of the number of bits in the entropy pool. The random numbers are generated from this “pool”. When reading, it /dev/random
only returns random numbers until the estimated amount of entropy is exhausted; then block reads /dev/random
until additional ambient noise is received. /dev/random
should be sufficient for applications that rely on a very high quality of randomness, such as encryption (e.g. one-time pads or key generation ). For reasons of speed, in practice often only the “seed” of a pseudo-random number generator is /dev/random
read by (e.g. in OpenSSL , PGP and GnuPG ).
The current fill level of the entropy pool can be determined from the file under Linux/proc/sys/kernel/random/entropy_avail
. An output of the file provides the available entropy in bits, whereby the maximum of 4096 bits corresponds to a completely filled "pool".
/ dev / urandom
From /dev/urandom
(from English unlimited random (ness) ) can be /dev/random
read as from random numbers. In contrast to the latter, however, it does not block if it falls below a defined entropy threshold. In this case it could theoretically be possible that the generated pseudo-random numbers could be calculated by an attacker afterwards.
standardization
/dev/random
(as well as /dev/urandom
) is not specified in the File System Hierarchy Standard 2.3 or in the Single UNIX Specification 3.0.
Implementations
/dev/random
has been part of the kernel under Solaris since Solaris 9 (2002) . The Linux kernel provides a - Device least ready since of 2002. In FreeBSD , a place on the Yarrow algorithm based generator use, is supported since June 2000 (FreeBSD 2.2). AIX offers both and and has also been using a Yarrow implementation since AIX 5.2.
/dev/random
/dev/random
/dev/random
/dev/urandom
Improvement in entropy
Via software such as B. timer_entropyd
, haveged
, randomsound
, the entropy can be improved and or the entropy pool larger, so there are more random numbers. With the GNU software rng-tools
, physical random number generators can be integrated under Linux and similar operating systems .
See also
literature
- Documentation and analysis of the Linux pseudo random number generator A study on behalf of the Federal Office for Information Security (BSI); December 2013
Individual evidence
- ↑ Linux manpage random (4)
- ↑ Solaris 10 manpage random (7d) ( Memento from February 16, 2009 in the Internet Archive )
- ↑ http://linux.die.net/man/4/urandom
- ↑ Archive link ( Memento from July 31, 2009 in the Internet Archive )
- ↑ http://www.cosy.sbg.ac.at/~andi/SUNrand/
- ↑ random (4) BSD Kernel Interfaces Manual. Retrieved April 21, 2013 .
- ↑ http://svn.freebsd.org/viewvc/base/head/sys/dev/random/randomdev.c?view=log
- ↑ AIX 5.2 / dev / random and / dev / urandom devices. Retrieved April 21, 2013 .
- ↑ Archive link ( Memento from September 21, 2013 in the Internet Archive )