/dev/random
/ dev / random is among many Unix-like operating systems, a character - oriented virtual device file can access the programs on a system-wide random number generator of high quality. As for network-oriented systems such as Unix cryptography services and thus random numbers play an important role, this file and the underlying driver has an important meaning.
The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also stores an estimation of the number of bits in the entropy. From this pool, the random numbers are generated. When reading / dev / random as long random numbers back until the estimated entropy is exhausted. When the entropy pool is exhausted, block read access to / dev / random, was obtained until additional environmental noise. / dev / random should be suitable for applications that rely on a very high quality of randomness, such as encryption ( for example, one- time pad or key generation ). For performance reasons, only the seed of a pseudo - random number generator is used by / dev / random read (eg OpenSSL, PGP and GnuPG) in practice often.
The current level of Entropiepools can be on Linux from the file / proc / sys / kernel / random / determine entropy_avail.
/ dev / urandom
Off / dev / urandom (of English. Unlimited random (ness ) ) dev / random random numbers can be read as off / on. In contrast to the latter it is not blocked when a defined Entropieschwelle is undershot. In this case, it is theoretically possible that the pseudo-random numbers generated can be calculated by an attacker in retrospect. However, such is not known. If in doubt, with high requirements, eg one- time pads, fall back to / dev / random.
Standardization
/ dev / random (as well as / dev / urandom ) is neither 2.3 nor specified in the Filesystem Hierarchy Standard in the Single Unix Specification 3.0.
Implementations
/ dev / random on Solaris since Solaris 9 ( 2002) part of the kernel. The Linux kernel provides a / dev / random device provides at least since 2002. In a FreeBSD on the Yarrow algorithm based generator is used, / dev / random is supported since June 2000 ( FreeBSD 2.2). AIX has both / dev / random and / dev / urandom and since AIX 5.2 also uses a Yarrow implementation.
Improve the entropy
About software such as timer_entropyd, haveged, random sound, can be improved as well as the entropy increase or the entropy pool, allowing more random numbers are available. The GNU software rng -tools can be on Linux and similar operating systems physical random number generators to include.