2 .\" random.c -- A strong random number generator
4 .\" Version 0.92, last modified 21-Sep-95
6 .\" Copyright Theodore Ts'o, 1994, 1995. All rights reserved.
8 .\" Redistribution and use in source and binary forms, with or without
9 .\" modification, are permitted provided that the following conditions
11 .\" 1. Redistributions of source code must retain the above copyright
12 .\" notice, and the entire permission notice in its entirety,
13 .\" including the disclaimer of warranties.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
17 .\" 3. The name of the author may not be used to endorse or promote
18 .\" products derived from this software without specific prior
19 .\" written permission.
21 .\" ALTERNATIVELY, this product may be distributed under the terms of
22 .\" the GNU Public License, in which case the provisions of the GPL are
23 .\" required INSTEAD OF the above restrictions. (This clause is
24 .\" necessary due to a potential bad interaction between the GPL and
25 .\" the restrictions contained in a BSD-style copyright.)
27 .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 .\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
30 .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
31 .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
32 .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
33 .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
35 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
37 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
39 .\" $FreeBSD: src/usr.sbin/rndcontrol/random.4,v 1.9.2.2 2001/11/24 16:14:18 dd Exp $
40 .\" $DragonFly: src/usr.sbin/rndcontrol/random.4,v 1.11 2008/04/19 09:33:32 swildner Exp $
48 .Nd random number devices
50 This device gathers environmental noise from device drivers, etc.,
51 and returns good random numbers, suitable for cryptographic use.
52 Besides the obvious cryptographic uses, these numbers are also good
53 for seeding TCP sequence numbers, and other places where it is
54 desirable to have numbers which are not only random, but hard to
55 predict by an attacker.
56 .Ss Theory of operation
57 Computers are very predictable devices. Hence it is extremely hard
58 to produce truly random numbers on a computer \(em as opposed to
59 pseudo-random numbers, which can easily be generated by using an
60 algorithm. Unfortunately, it is very easy for attackers to guess
61 the sequence of pseudo-random number generators, and for some
62 applications this is not acceptable. So instead, we must try to
63 gather "environmental noise" from the computer's environment, which
64 must be hard for outside attackers to observe, and use that to
65 generate random numbers. In a Unix environment, this is best done
66 from inside the kernel.
68 Previous and contemporary
70 implementations typically used
71 an "entropy" pool which was processed with a cryptographic hash
72 function such as MD5. However, at the time of this writing security
73 issues have been discovered in some of these functions
74 (MD4, MD5, SHA0, SHA1).
76 This implementation uses a CSPRNG (Cryptographically Secure Pseudo
77 Random Number Generator) which is continuously reseeded as described above.
79 The user interface consists of two character devices
85 device is suitable for use when very high quality randomness is desired
86 (e.g. for key generation). Previous implementations of this device
87 attempted to limit the number of returned bytes based on a guess as to
88 the secureness of the pool. However, this resulted in the interface being
89 so undependable that most programs just started using /dev/urandom
90 instead of /dev/random.
93 implementation will return all requested bytes but the system reserves the
94 right in the future to limit the transfer rate to maintain the high quality
95 of randomness requested.
99 device uses a different and much faster algorithm, but one which is not
100 considered to be as secure (though for all practical purposes it probably
103 Root may write entropy to
105 to seed the random number generator only if the securelevel is less then
106 or equal to zero and the
108 sysctl is non-zero. A certain
109 degree of entropy is added by RC scripts during the boot sequence.
111 The current algorithms are implemented by
126 CSPRNG was developed by
132 CSPRNG (based on ARC4)
138 .Bl -tag -width Pa -compact