RANDOM(4) BSD Kernel Interfaces Manual RANDOM(4)NAME
random , urandom — random data source devices.
SYNOPSIS
pseudo-device random
DESCRIPTION
The random device produces uniformly distributed random byte values of
potentially high quality.
To obtain random bytes, open /dev/random for reading and read from it.
To add entropy to the random generation system, open /dev/random for
writing and write data that you believe to be somehow random.
/dev/urandom is a compatibility nod to Linux. On Linux, /dev/urandom will
produce lower quality output if the entropy pool drains, while
/dev/random will prefer to block and wait for additional entropy to be
collected. With Yarrow, this choice and distinction is not necessary,
and the two devices behave identically. You may use either.
OPERATION
The random device implements the Yarrow pseudo random number generator
algorithm and maintains its entropy pool. Addditional entropy is fed to
the generator regularly by the SecurityServer daemon from random jitter
measurements of the kernel. SecurityServer is also responsible for peri‐
odically saving some entropy to disk and reloading it during startup to
provide entropy in early system operation.
You may feed additional entropy to the generator by writing it to the
random device, though this is not required in a normal operating environ‐
ment.
LIMITATIONS AND WARNINGS
Yarrow is a fairly resilient algorithm, and is believed to be resistant
to non-root. The quality of its output is however dependent on regular
addition of appropriate entropy. If the SecurityServer system daemon
fails for any reason, output quality will suffer over time without any
explicit indication from the random device itself.
Paranoid programmers can counter-act this risk somewhat by collecting
entropy of their choice (e.g. from keystroke or mouse timings) and seed‐
ing it into random directly before obtaining important random numbers.
FILES
/dev/random
/dev/urandom
HISTORY
A random device appeared in Linux operating system.
Darwin September 6, 2001 Darwin