.\" Copyright (c) 2001-2015 Mark R V Murray. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Nd the entropy device
.Cd "options RANDOM_LOADABLE"
.Cd "options RANDOM_ENABLE_UMA"
returns an endless supply of random bytes when read.
It also accepts and reads data
The generator will start in an
state, and will block reads until
it is seeded for the first time.
This may cause trouble at system boot
when keys and the like
so steps should be taken to ensure a
seeding as soon as possible.
by using the KERN_ARND sysctl.
.Dl "sysctl -x -B 16 kern.arandom"
This sysctl will not return
of random number generators
is a bootstrapping problem
that needs very careful attention.
to find enough randomness
to seed a random number generator
until a system is fully operational,
but the system requires random numbers
to become fully operational.
It is (or more accurately should be)
critically important that the
before the first time it is used.
In the case where a dummy or "blocking-only"
it is the responsibility
of the system architect
to ensure that no blocking reads
hold up critical processes.
To see the current settings of the software
device, use the command line:
.Dl "sysctl kern.random"
which results in something like:
.Bd -literal -offset indent
kern.random.fortuna.minpoolsize: 64
kern.random.harvest.mask_symbolic: [HIGH_PERFORMANCE], ... ,CACHED
kern.random.harvest.mask_bin: 00111111111
kern.random.harvest.mask: 511
kern.random.random_sources: 'Intel Secure Key RNG'
.Dl kern.random.fortuna.minpoolsize
.Dl kern.random.harvest.mask
all settings are read-only.
.Pa kern.random.fortuna.minpoolsize
to set the seed threshold.
A smaller number gives a faster seed,
but a less secure one.
values between 64 and 256
.Va kern.random.harvest.mask
bitmask is used to select
the possible entropy sources.
A 0 (zero) value means
the corresponding source
as an entropy source.
Set the bit to 1 (one)
.Va kern.random.harvest.mask_bin
.Va kern.random.harvest.mask_symbolic
can be used to confirm
that the choices are correct.
Note that disabled items
are listed in square brackets.
for more on the harvesting of entropy.
.Cd "options RANDOM_LOADABLE"
device is not created
until an "algorithm module"
The only module built by default is
module was removed in
Note that this loadable module
is slightly less efficient
than its compiled-in equivalent.
This is because some functions
must be locked against
load and unload events,
and also must be indirect calls
to allow for removal.
.Cd "options RANDOM_ENABLE_UMA"
device will obtain entropy
from the zone allocator.
This is potentially very high rate,
and if so will be of questionable use.
Determining this is not trivial,
so experimenting and measurement
The use of randomness in the field of computing
is a rather subtle issue because randomness means
different things to different people.
Consider generating a password randomly,
simulating a coin tossing experiment or
choosing a random back-off period when a server does not respond.
Each of these tasks requires random numbers,
but the random numbers in each case have different requirements.
Generation of passwords, session keys and the like
requires cryptographic randomness.
A cryptographic random number generator should be designed
so that its output is difficult to guess,
even if a lot of auxiliary information is known
(such as when it was seeded, subsequent or previous output, and so on).
seeding for cryptographic random number generators is provided by the
which provides real randomness.
library call provides a pseudo-random sequence
which is generally reckoned to be suitable for
simple cryptographic use.
The OpenSSL library also provides functions for managing randomness
via functions such as
Note that OpenSSL uses the
device for seeding automatically.
Randomness for simulation is required in engineering or
scientific software and games.
The first requirement of these applications is
that the random numbers produced conform to some well-known,
usually uniform, distribution.
The sequence of numbers should also appear numerically uncorrelated,
as simulation often assumes independence of its random inputs.
Often it is desirable to reproduce
the results of a simulation exactly,
so that if the generator is seeded in the same way,
it should produce the same results.
A peripheral concern for simulation is
the speed of a random number generator.
Another issue in simulation is
the size of the state associated with the random number generator, and
how frequently it repeats itself.
a program which shuffles a pack of cards should have 52!\& possible outputs,
which requires the random number generator to have 52!\& starting states.
This means the seed should have at least log_2(52!) ~ 226 bits of state
if the program is to stand a chance of outputting all possible sequences,
and the program needs some unbiased way of generating these bits.
device could be used for seeding here,
but in practice, smaller seeds are usually considered acceptable.
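The seed-size figure and the "unbiased way of generating these bits" from the paragraph above, as an added example that is not part of the FreeBSD manual page. The function names are hypothetical; bytes are read from /dev/random through stdio, and biased draws are avoided by rejection sampling.

```c
#include <stdint.h>
#include <stdio.h>

/* Seed bits needed to reach every ordering of n items: ceil(log2(n!)). */
int seed_bits_needed(int n)
{
    double f = 1.0;                 /* 52! ~ 8.07e67 fits in a double */
    int bits = 0;
    for (int k = 2; k <= n; k++)
        f *= k;
    while (f > 1.0) { f /= 2.0; bits++; }
    return bits;
}

/* Uniform value in [0, bound) from an entropy stream. Draws below
 * 2^32 mod bound are rejected, so "r % bound" carries no modulo bias.
 * Returns -1 on a short read. */
int uniform_below(FILE *src, uint32_t bound, uint32_t *out)
{
    uint32_t r, min = (0u - bound) % bound;   /* 2^32 mod bound */
    do {
        if (fread(&r, sizeof r, 1, src) != 1)
            return -1;
    } while (r < min);
    *out = r % bound;
    return 0;
}

/* Fisher-Yates shuffle: every ordering is equally likely. */
int shuffle(int *deck, int n, FILE *src)
{
    for (int i = n - 1; i > 0; i--) {
        uint32_t j;
        if (uniform_below(src, (uint32_t)i + 1, &j) != 0)
            return -1;
        int t = deck[i]; deck[i] = deck[j]; deck[j] = t;
    }
    return 0;
}

int main(void)
{
    int deck[52];
    FILE *src = fopen("/dev/random", "rb");   /* device named on this page */
    for (int i = 0; i < 52; i++) deck[i] = i;
    if (src == NULL || shuffle(deck, 52, src) != 0) return 1;
    printf("seed bits for 52 cards: %d\n", seed_bits_needed(52));
    for (int i = 0; i < 52; i++) printf("%d ", deck[i]);
    putchar('\n');
    return fclose(src) != 0;
}
```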
provides two families of functions which are considered
suitable for simulation.
family of functions provides a random integer
.if t 2\u\s731\s10\d\(mi1.
are provided for deterministically setting
the state of the generator and
is provided for setting the state via the
family of functions are also provided,
which provide random floating point numbers in various ranges.
Randomness that is used for collision avoidance
(for example, in certain network protocols)
has slightly different semantics again.
It is usually expected that the numbers will be uniform,
as this produces the lowest chances of collision.
the seeding of the generator is very important,
as it is required that different instances of
the generator produce independent sequences.
However, the guessability or reproducibility of the sequence is unimportant,
unlike the previous cases.
does also provide the traditional
for compatibility purposes.
it is known to be poor for simulation and
absolutely unsuitable for cryptographic purposes,
so its use is discouraged.
.Bl -tag -width ".Pa /dev/random"
.%B Cryptography Engineering
.%O ISBN 978-0-470-47424-2
The current software implementation,
.An Mark R V Murray ,
and is an implementation of the
algorithm by Ferguson
It replaces the previous
is no longer supported
and is therefore no longer available.