]> git.saurik.com Git - apple/xnu.git/blame - bsd/man/man4/random.4
xnu-344.tar.gz
[apple/xnu.git] / bsd / man / man4 / random.4
CommitLineData
9bccf70c
A
1.Dd September 6, 2001
2.Dt RANDOM 4
3.Os Darwin
4.Sh NAME
5.Nm random
6,
7.Nm urandom
8.Nd random data source devices.
9.Sh SYNOPSIS
10.Cd "pseudo-device random"
11.Sh DESCRIPTION
12The
13.Nm
14device produces uniformly distributed random byte values
15of potentially high quality.
16.Pp
17To obtain random bytes, open
18.Nm /dev/random
19for reading and read from it.
20.Pp
21To add entropy to the random generation system, open
22.Nm /dev/random
23for writing and write data that you believe to be somehow random.
24.Pp
25.Nm /dev/urandom
26is a compatibility nod to Linux. On Linux,
27.Nm /dev/urandom
28will produce lower quality output if the entropy pool drains, while
29.Nm /dev/random
30will prefer to block and wait for additional entropy to be collected.
31With Yarrow, this choice and distinction is not necessary, and
32the two devices behave identically. You may use either.
33.Sh OPERATION
34The
35.Nm
36device implements the
37.Nm Yarrow
38pseudo random number generator algorithm and maintains its entropy pool.
39Addditional entropy is fed to the generator regularly by the
40.Nm SecurityServer
41daemon from random jitter measurements of the kernel.
42.Nm SecurityServer
43is also responsible for periodically saving some entropy to disk
44and reloading it during startup to provide entropy in early system
45operation.
46.Pp
47You may feed additional entropy to the generator by writing it to the
48.Nm
49device, though this is not required in a normal operating environment.
50.Sh LIMITATIONS AND WARNINGS
51.Nm Yarrow
52is a fairly resilient algorithm, and is believed
53to be resistant to non-root.
54The quality of its output is however dependent on regular addition
55of appropriate entropy. If the
56.Nm SecurityServer
57system daemon fails for any reason, output quality will suffer
58over time without any explicit indication from the
59.Nm
60device itself.
61.Pp
62Paranoid programmers can counter-act this risk somewhat by collecting
63entropy of their choice (e.g. from keystroke or mouse timings)
64and seeding it into
65.Nm
66directly before obtaining important random numbers.
67.Sh FILES
68.Bl -tag -width /dev/urandom -compact
69.It Pa /dev/random
70.It Pa /dev/urandom
71.El
72.Sh HISTORY
73A
74.Nm
75device appeared in Linux operating system.