IPSEC_RANBITS(8)                                IPSEC_RANBITS(8)

NAME
ipsec ranbits - generate random bits in ASCII form

SYNOPSIS
ipsec ranbits [--quick] [--continuous] [--bytes] nbits

DESCRIPTION
Ranbits obtains nbits (rounded up to the nearest byte) high-quality
random bits from random(4), and emits them on standard output as an
ASCII string. The default output format is datatot(3) h format:
lowercase hexadecimal with a 0x prefix and an underscore every 32 bits.

The --quick option produces quick-and-dirty random bits: instead of
using the high-quality random bits from /dev/random, which may take some
time to supply the necessary bits if nbits is large, ranbits uses
/dev/urandom, which yields prompt results but lower-quality randomness.

The --continuous option uses datatot(3) x output format, like h but
without the underscores.

The --bytes option causes nbits to be interpreted as a byte count
rather than a bit count.
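
The output formats and size rules described above, as an added Python sketch (not code from FreeS/WAN or Openswan). It reads os.urandom, which corresponds to the --quick path; the function names, the grouping of a short final group, and applying the 20000 limit to the resulting bit count are assumptions.

```python
import os
import re

MAX_NBITS = 20000  # internal limit on nbits stated on this page


def format_bits(raw, continuous=False):
    """0x-prefixed lowercase hex; h format adds '_' every 32 bits, x format none."""
    digits = raw.hex()
    if continuous:
        return "0x" + digits
    # Assumption: groups of 8 hex digits are counted from the first digit,
    # so a length that is not a multiple of 4 bytes ends in a short group.
    return "0x" + "_".join(digits[i:i + 8] for i in range(0, len(digits), 8))


def ranbits(n, count_is_bytes=False, continuous=False, source=os.urandom):
    """Emulate `ipsec ranbits [--continuous] [--bytes] n` on the --quick path."""
    nbits = n * 8 if count_is_bytes else n
    # Assumption: the limit is checked against the resulting bit count.
    if not 0 < nbits <= MAX_NBITS:
        raise ValueError("nbits must be between 1 and %d" % MAX_NBITS)
    nbytes = (nbits + 7) // 8  # nbits is rounded up to the nearest byte
    return format_bits(source(nbytes), continuous)


def parse_bits(text):
    """Decode h or x output back to bytes, rejecting anything malformed."""
    text = text.strip()
    if not re.fullmatch(r"0x[0-9a-f]+(_[0-9a-f]+)*", text):
        raise ValueError("not datatot h/x output: %r" % text)
    digits = text[2:].replace("_", "")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(digits)


if __name__ == "__main__":
    secret = ranbits(128)
    print(secret, "->", len(parse_bits(secret)) * 8, "bits")
```

parse_bits can be used to confirm that a stored secret really carries the number of bits that was requested.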

FILES
/dev/random, /dev/urandom

SEE ALSO
ipsec_datatot(3), random(4)

HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org>
by Henry Spencer.

BUGS
There is an internal limit on nbits, currently 20000.

Without --quick, ranbits's run time is difficult to predict. A request
for a large number of bits, at a time when the system's entropy pool is
low on randomness, may take quite a while to satisfy.

Though not a bug of ranbits, the direct use of /dev/hw_random, the
Linux hardware random number generator, is not supported because it can
produce very non-random data. To properly use /dev/hw_random, the rngd
daemon should be used to read from /dev/hw_random and write to
/dev/random, while performing a FIPS test on the data read from the
hardware. No changes to Openswan are required for this support - just a
running rngd.