Source of secure random data
|You must be root to start this service.|
All supported platforms.
The random service runs in the background providing a source of secure, random data suitable for encryption and security. The service builds its internal pool of random data from sources specified when it is started. These sources may include timers, interrupts, and detailed system runtime information. The service makes this random data available by providing a device entry (/dev/random) that can be read by any application.
The user controls all of the sources to be used to collect random data by specifying source options on the command line.
|Using interrupts as sources imposes an overhead on system performance. When using the i option, you might want to minimize the impact of this overhead by specifying only one or two interrupts from low interrupt rate devices like disk drivers and input/serial devices.|
Start the random service using three PC interrupts as sources:
random -i12 -i14 -i15
From an application, read 4 bytes of random data like this:
int data; int fd; fd = open( "/dev/random", O_RDWR ); if( fd == -1 ) exit( 1 ); read( fd, &data, sizeof( data ) ); close( fd );
When an error occurs, random sends a description of the error to stderr and does not create /dev/random.
The random service uses the core algorithm from the copyright-free Yarrow pseudorandom number generator (PRNG) from Counterpane Security (http://www.counterpane.com/yarrow.html). Bruce Schneier and John Kelsey designed the Yarrow PRNG.
The random service will not work unless you specify at least one source of random data (options -p, -t, or -i).