1random(7D) Devices random(7D)
2
6 random, urandom - Strong random number generator device
7
9 /dev/random
10 /dev/urandom
13
16 The /dev/random and /dev/urandom files are special files that are a
17 source for random bytes generated by the kernel random number generator
18 device. The /dev/random and /dev/urandom files are suitable for appli‐
19 cations requiring high quality random numbers for cryptographic pur‐
20 poses.
21 The generator device produces random numbers from data and devices
24 available to the kernel and estimates the amount of randomness (or
25 "entropy") collected from these sources. The entropy level determines
26 the amount of high quality random numbers that are produced at a given
27 time.
28 Applications retrieve random bytes by reading /dev/random or /dev/uran‐
31 dom. The /dev/random interface returns random bytes only when suffi‐
32 cient amount of entropy has been collected. If there is no entropy to
33 produce the requested number of bytes, /dev/random blocks until more
34 entropy can be obtained. Non-blocking I/O mode can be used to disable
35 the blocking behavior. The /dev/random interface also supports poll(2).
36 Note that using poll(2) will not increase the speed at which random
37 numbers can be read.
38 Bytes retrieved from /dev/random provide the highest quality random
41 numbers produced by the generator, and can be used to generate long
42 term keys and other high value keying material.
43 The /dev/urandom interface returns bytes regardless of the amount of
46 entropy available. It does not block on a read request due to lack of
47 entropy. While bytes produced by the /dev/urandom interface are of
48 lower quality than bytes produced by /dev/random, they are nonetheless
49 suitable for less demanding and shorter term cryptographic uses such as
50 short term session keys, paddings, and challenge strings.
51 Data can be written to /dev/random and /dev/urandom. Data written to
54 either special file is added to the generator's internal state. Data
55 that is difficult to predict by other users may contribute randomness
56 to the generator state and help improve the quality of future generated
57 random numbers.
58 /dev/random collects entropy from providers that are registered with
61 the kernel-level cryptographic framework and implement random number
62 generation routines. The cryptoadm(1M) utility allows an administrator
63 to configure which providers will be used with /dev/random.
64
66 EAGAIN O_NDELAY or O_NONBLOCK was set and no random bytes are
67 available for reading from /dev/random.
68 EINTR A signal was caught while reading and no data was
71 transferred.
72 ENOXIO open(2) request failed on /dev/random because no entropy
75 provider is available.
76
79 /dev/random
80 /dev/urandom
83
86 See attributes(5) for descriptions of the following attributes:
87 ┌─────────────────────────────┬─────────────────────────────┐
92 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
93 ├─────────────────────────────┼─────────────────────────────┤
94 │Availability │ SUNWcsr │
95 │Interface Stability │Evolving │
96 └─────────────────────────────┴─────────────────────────────┘
97
99 cryptoadm(1M), open(2), poll(2), attributes(5)
100
102 /dev/random can be configured to use only the hardware-based providers
103 registered with the kernel-level cryptographic framework by disabling
104 the software-based provider using cryptoadm(1M). You can also use cryp‐
105 toadm(1M) to obtain the name of the software-based provider.
106 Because no entropy is available, disabling all randomness providers
109 causes read(2) and poll(2) on /dev/random to block indefinitely and
110 results in a warning message being logged and displayed on the system
111 console. However, read(2) and poll(2) on /dev/urandom continue to work
112 in this case.
113 An implementation of the /dev/random and /dev/urandom kernel-based ran‐
116 dom number generator first appeared in Linux 1.3.30.
117 A /dev/random interface for Solaris first appeared as part of the Cryp‐
120 toRand implementation.
121SunOS 5.11 1 Sep 2008 random(7D)