random and urandom Devices

Purpose

Source of secure random output.

Description

The /dev/random and /dev/urandom character devices provide cryptographically secure random output generated from interrupt timings or input written to the devices.

The /dev/random device is intended to provide high quality, cryptographically secure random output and will only return output for which sufficient (an equal or greater amount) random input is available to generate the output. If insufficient random input is available, reads from the /dev/random device will block until the request can be fulfilled unless the O_NONBLOCK flag was specified when the device was opened, in which case as much high quality output as could be generated is returned with the error code EAGAIN.

The /dev/urandom device provides a reliable source of random output, however the output will not be generated from an equal amount of random input if insufficient input is available. Reads from the /dev/urandom device always return the quantity of output requested without blocking. If insufficient random input is available, alternate input will be processed by the random number generator to provide cryptographically secure output, the strength of which will reflect the strength of the algorithms used by the random number generator. Output generated without random input is theoretically less secure than output generated from random input, so /dev/random should be used for applications for which a high level of confidence in the security of the output is required.

Data written to either device is added to the pool of stored random input and may be used for generating output. Writes behave identically for both devices and will not block.

Implementation Specifics

The /dev/random and /dev/urandom devices are created from major and minor numbers assigned by the device configuration subsystem when the random number generator is loaded, so the device names should always be used when attempting to locate or open the devices. The devices are deleted when the random number generator is unloaded. When the system is shut down using the shutdown command, output is taken from the /dev/urandom device and is written back to the /dev/random device when the random number generator is loaded on the next boot to provide starting entropy to the generator, enhancing the quality of the stored random input after boot.

Input is gathered from interrupt timings when the pool of stored random input falls below half full and continues to be gathered until the pool is again full. This process causes a minor performance impact to all external interrupts while timings are being gathered, which ceases when timings cease to be gathered. Data written to either of the random devices will also contribute to the pool of stored random input and can influence the output, thus writing to these devices should be a privileged operation. This is enforced by the permissions of the devices, so it can be changed by the administrator to be completely disallowed if desired.