suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man7/random.7.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

316 lines
7.6 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of RANDOM</TITLE>
</HEAD><BODY>
<H1>RANDOM</H1>
Section: Linux Programmer's Manual (7)<BR>Updated: 2017-03-13<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
random - overview of interfaces for obtaining randomness
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
The kernel random-number generator relies on entropy gathered from
device drivers and other sources of environmental noise to seed
a cryptographically secure pseudorandom number generator (CSPRNG).
It is designed for security, rather than speed.
<P>
The following interfaces provide access to output from the kernel CSPRNG:
<DL COMPACT>
<DT id="1">*<DD>
The
<I>/dev/urandom</I>
and
<I>/dev/random</I>
devices, both described in
<B><A HREF="/cgi-bin/man/man2html?4+random">random</A></B>(4).
These devices have been present on Linux since early times,
and are also available on many other systems.
<DT id="2">*<DD>
The Linux-specific
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2)
system call, available since Linux 3.17.
This system call provides access either to the same source as
<I>/dev/urandom</I>
(called the
<I>urandom</I>
source in this page)
or to the same source as
<I>/dev/random</I>
(called the
<I>random</I>
source in this page).
The default is the
<I>urandom</I>
source; the
<I>random</I>
source is selected by specifying the
<B>GRND_RANDOM</B>
flag to the system call.
(The
<B><A HREF="/cgi-bin/man/man2html?3+getentropy">getentropy</A></B>(3)
function provides a slightly more portable interface on top of
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2).)
</DL>
<A NAME="lbAD">&nbsp;</A>
<H3>Initialization of the entropy pool</H3>
The kernel collects bits of entropy from the environment.
When a sufficient number of random bits has been collected, the
entropy pool is considered to be initialized.
<A NAME="lbAE">&nbsp;</A>
<H3>Choice of random source</H3>
Unless you are doing long-term key generation (and most likely not even
then), you probably shouldn't be reading from the
<I>/dev/random</I>
device or employing
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2)
with the
<B>GRND_RANDOM</B>
flag.
Instead, either read from the
<I>/dev/urandom</I>
device or employ
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2)
without the
<B>GRND_RANDOM</B>
flag.
The cryptographic algorithms used for the
<I>urandom</I>
source are quite conservative, and so should be sufficient for all purposes.
<P>
The disadvantage of
<B>GRND_RANDOM</B>
and reads from
<I>/dev/random</I>
is that the operation can block for an indefinite period of time.
Furthermore, dealing with the partially fulfilled
requests that can occur when using
<B>GRND_RANDOM</B>
or when reading from
<I>/dev/random</I>
increases code complexity.
<A NAME="lbAF">&nbsp;</A>
<H3>Monte Carlo and other probabilistic sampling applications</H3>
Using these interfaces to provide large quantities of data for
Monte Carlo simulations or other programs/algorithms which are
doing probabilistic sampling will be slow.
Furthermore, it is unnecessary, because such applications do not
need cryptographically secure random numbers.
Instead, use the interfaces described in this page to obtain
a small amount of data to seed a user-space pseudorandom
number generator for use by such applications.
<A NAME="lbAG">&nbsp;</A>
<H3>Comparison between getrandom, /dev/urandom, and /dev/random</H3>
The following table summarizes the behavior of the various
interfaces that can be used to obtain randomness.
<B>GRND_NONBLOCK</B>
is a flag that can be used to control the blocking behavior of
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2).
The final column of the table considers the case that can occur
in early boot time when the entropy pool is not yet initialized.
<TABLE BORDER>
<TR VALIGN=top><TD><B>Interface</B></TD><TD><B>Pool</B></TD><TD><B>
Blocking
behavior
</B></TD><TD><B>
Behavior when pool is not yet ready
</B><BR></TD></TR>
<TR VALIGN=top><TD>
<I>/dev/random</I>
</TD><TD>
Blocking pool
</TD><TD>
If entropy too low, blocks until there is enough entropy again
</TD><TD>
Blocks until enough entropy gathered
<BR></TD></TR>
<TR VALIGN=top><TD>
<I>/dev/urandom</I>
</TD><TD>
CSPRNG output
</TD><TD>
Never blocks
</TD><TD>
Returns output from uninitialized CSPRNG (may be low entropy and unsuitable for cryptography)
<BR></TD></TR>
<TR VALIGN=top><TD>
<B>getrandom</B>()
</TD><TD>
Same as
<I>/dev/urandom</I>
</TD><TD>
Does not block once is pool ready
</TD><TD>
Blocks until pool ready
<BR></TD></TR>
<TR VALIGN=top><TD>
<B>getrandom</B>()
<B>GRND_RANDOM</B>
</TD><TD>
Same as
<I>/dev/random</I>
</TD><TD>
If entropy too low, blocks until there is enough entropy again
</TD><TD>
Blocks until pool ready
<BR></TD></TR>
<TR VALIGN=top><TD>
<B>getrandom</B>()
<B>GRND_NONBLOCK</B>
</TD><TD>
Same as
<I>/dev/urandom</I>
</TD><TD>
Does not block once is pool ready
</TD><TD>
<B>EAGAIN</B>
<BR></TD></TR>
<TR VALIGN=top><TD>
<B>getrandom</B>()
<B>GRND_RANDOM</B>
+
<B>GRND_NONBLOCK</B>
</TD><TD>
Same as
<I>/dev/random</I>
</TD><TD>
<B>EAGAIN</B>
if not enough entropy available
</TD><TD>
<B>EAGAIN</B>
<BR></TD></TR>
</TABLE>
<A NAME="lbAH">&nbsp;</A>
<H3>Generating cryptographic keys</H3>
The amount of seed material required to generate a cryptographic key
equals the effective key size of the key.
For example, a 3072-bit RSA
or Diffie-Hellman private key has an effective key size of 128 bits
(it requires about 2^128 operations to break) so a key generator
needs only 128 bits (16 bytes) of seed material from
<I>/dev/random</I>.
<P>
While some safety margin above that minimum is reasonable, as a guard
against flaws in the CSPRNG algorithm, no cryptographic primitive
available today can hope to promise more than 256 bits of security,
so if any program reads more than 256 bits (32 bytes) from the kernel
random pool per invocation, or per reasonable reseed interval (not less
than one minute), that should be taken as a sign that its cryptography is
<I>not</I>
skillfully implemented.
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?2+getrandom">getrandom</A></B>(2),
<B><A HREF="/cgi-bin/man/man2html?3+getauxval">getauxval</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+getentropy">getentropy</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?4+random">random</A></B>(4),
<B><A HREF="/cgi-bin/man/man2html?4+urandom">urandom</A></B>(4),
<B><A HREF="/cgi-bin/man/man2html?7+signal">signal</A></B>(7)
<A NAME="lbAJ">&nbsp;</A>
<H2>COLOPHON</H2>
This page is part of release 5.05 of the Linux
<I>man-pages</I>
project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="3"><A HREF="#lbAB">NAME</A><DD>
<DT id="4"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DL>
<DT id="5"><A HREF="#lbAD">Initialization of the entropy pool</A><DD>
<DT id="6"><A HREF="#lbAE">Choice of random source</A><DD>
<DT id="7"><A HREF="#lbAF">Monte Carlo and other probabilistic sampling applications</A><DD>
<DT id="8"><A HREF="#lbAG">Comparison between getrandom, /dev/urandom, and /dev/random</A><DD>
<DT id="9"><A HREF="#lbAH">Generating cryptographic keys</A><DD>
</DL>
<DT id="10"><A HREF="#lbAI">SEE ALSO</A><DD>
<DT id="11"><A HREF="#lbAJ">COLOPHON</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:09 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink