Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.1/x86 OpenStep 4.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc OpenDarwin 6.6.2/x86 Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures amd64 arm i386 powerpc sparc64 html pdf ascii

home | help

---

RANDOM(4)		 BSD Kernel Interfaces Manual		     RANDOM(4)

NAME
     random -- the entropy device

SYNOPSIS
     device random

DESCRIPTION
     The random	device returns an endless supply of random bytes when read.
     It	also accepts and reads data as any ordinary (and willing) file,	but
     discards data written to it.  The device will probe for certain hardware
     entropy sources, and use these in preference to the fallback, which is a
     generator implemented in software.

     If	the device is using the	software generator, writing data to random
     would perturb the internal	state.	This perturbation of the internal
     state is the only userland	method of introducing extra entropy into the
     device.  If the writer has	superuser privilege, then closing the device
     after writing will	make the software generator reseed itself.  This can
     be	used for extra security, as it immediately introduces any/all new en-
     tropy into	the PRNG.  The hardware	generators will	generate sufficient
     quantities	of entropy, and	will therefore ignore user-supplied input.
     The software random device	may be controlled with sysctl(8).

     To	see the	current	settings of the	software random	device,	use the	com-
     mand line:

	   sysctl kern.random

     which results in something	like:

	   kern.random.sys.seeded: 1
	   kern.random.sys.harvest.ethernet: 1
	   kern.random.sys.harvest.point_to_point: 1
	   kern.random.sys.harvest.interrupt: 1
	   kern.random.sys.harvest.swi:	0
	   kern.random.yarrow.gengateinterval: 10
	   kern.random.yarrow.bins: 10
	   kern.random.yarrow.fastthresh: 192
	   kern.random.yarrow.slowthresh: 256
	   kern.random.yarrow.slowoverthresh: 2

     (These would not be seen if a hardware generator is present.)

     All settings are read/write.

     The kern.random.sys.seeded	variable indicates whether or not the random
     device is in an acceptably	secure state as	a result of reseeding.	If set
     to	0, the device will block (on read) until the next reseed (which	can be
     from an explicit write, or	as a result of entropy harvesting).  A reseed
     will set the value	to 1 (non-blocking).

     The kern.random.sys.harvest.ethernet variable is used to select LAN traf-
     fic as an entropy source.	A 0 (zero) value means that LAN	traffic	is not
     considered	as an entropy source.  Set the variable	to 1 (one) if you wish
     to	use LAN	traffic	for entropy harvesting.

     The kern.random.sys.harvest.point_to_point	variable is used to select se-
     rial line traffic as an entropy source.  (Serial line traffic includes
     PPP, SLIP and all tun0 traffic.)  A 0 (zero) value	means such traffic is
     not considered as an entropy source.  Set the variable to 1 (one) if you
     wish to use it for	entropy	harvesting.

     The kern.random.sys.harvest.interrupt variable is used to select hardware
     interrupts	as an entropy source.  A 0 (zero) value	means hardware inter-
     rupts are not considered as an entropy source.  Set the variable to 1
     (one) if you wish to use them for entropy harvesting.  All	hardware in-
     terrupt harvesting	is set up by the individual device drivers.

     The kern.random.sys.harvest.swi variable is used to select	software in-
     terrupts as an entropy source.  A 0 (zero)	value means software inter-
     rupts are not considered as an entropy source.  Set the variable to 1
     (one) if you wish to use them for entropy harvesting.

     The other variables are explained in the paper describing the Yarrow al-
     gorithm at	http://www.schneier.com/yarrow.html.

     These variables are all limited in	terms of the values they may contain:
	   kern.random.yarrow.gengateinterval  [4..64]
	   kern.random.yarrow.bins	       [2..16]
	   kern.random.yarrow.fastthresh       [64..256]
	   kern.random.yarrow.slowthresh       [64..256]
	   kern.random.yarrow.slowoverthresh   [1..5]

     Internal sysctl(3)	handlers force the above variables into	the stated
     ranges.

RANDOMNESS
     The use of	randomness in the field	of computing is	a rather subtle	issue
     because randomness	means different	things to different people.  Consider
     generating	a password randomly, simulating	a coin tossing experiment or
     choosing a	random back-off	period when a server does not respond.	Each
     of	these tasks requires random numbers, but the random numbers in each
     case have different requirements.

     Generation	of passwords, session keys and the like	requires cryptographic
     randomness.  A cryptographic random number	generator should be designed
     so	that its output	is difficult to	guess, even if a lot of	auxiliary in-
     formation is known	(such as when it was seeded, subsequent	or previous
     output, and so on).  On FreeBSD, seeding for cryptographic	random number
     generators	is provided by the random device, which	provides real random-
     ness.  The	arc4random(3) library call provides a pseudo-random sequence
     which is generally	reckoned to be suitable	for simple cryptographic use.
     The OpenSSL library also provides functions for managing randomness via
     functions such as RAND_bytes(3) and RAND_add(3).  Note that OpenSSL uses
     the random	device for seeding automatically.

     Randomness	for simulation is required in engineering or scientific	soft-
     ware and games.  The first	requirement of these applications is that the
     random numbers produced conform to	some well-known, usually uniform, dis-
     tribution.	 The sequence of numbers should	also appear numerically	uncor-
     related, as simulation often assumes independence of its random inputs.
     Often it is desirable to reproduce	the results of a simulation exactly,
     so	that if	the generator is seeded	in the same way, it should produce the
     same results.  A peripheral concern for simulation	is the speed of	a ran-
     dom number	generator.

     Another issue in simulation is the	size of	the state associated with the
     random number generator, and how frequently it repeats itself.  For exam-
     ple, a program which shuffles a pack of cards should have 52! possible
     outputs, which requires the random	number generator to have 52! starting
     states.  This means the seed should have at least log_2(52!) ~ 226	bits
     of	state if the program is	to stand a chance of outputting	all possible
     sequences,	and the	program	needs some unbiased way	of generating these
     bits.  Again, the random device could be used for seeding here, but in
     practice, smaller seeds are usually considered acceptable.

     FreeBSD provides two families of functions	which are considered suitable
     for simulation.  The random(3) family of functions	provides a random in-
     teger between 0 to	(2**31)-1.  The	functions srandom(3), initstate(3) and
     setstate(3) are provided for deterministically setting the	state of the
     generator and the function	srandomdev(3) is provided for setting the
     state via the random device.  The drand48(3) family of functions are also
     provided, which provide random floating point numbers in various ranges.

     Randomness	that is	used for collision avoidance (for example, in certain
     network protocols)	has slightly different semantics again.	 It is usually
     expected that the numbers will be uniform,	as this	produces the lowest
     chances of	collision.  Here again,	the seeding of the generator is	very
     important,	as it is required that different instances of the generator
     produce independent sequences.  However, the guessability or repro-
     ducibility	of the sequence	is unimportant,	unlike the previous cases.

     One final consideration for the seeding of	random number generators is a
     bootstrapping problem.  In	some cases, it may be difficult	to find	enough
     randomness	to seed	a random number	generator until	a system is fully op-
     erational,	but the	system requires	random numbers to become fully opera-
     tional.  There is no substitute for careful thought here, but the FreeBSD
     random device, which is based on the Yarrow system, should	be of some
     help in this area.

     FreeBSD does also provide the traditional rand(3) library call, for com-
     patibility	purposes.  However, it is known	to be poor for simulation and
     absolutely	unsuitable for cryptographic purposes, so its use is discour-
     aged.

FILES
     /dev/random

SEE ALSO
     arc4random(3), drand48(3),	rand(3), RAND_add(3), RAND_bytes(3),
     random(3),	sysctl(8)

HISTORY
     A random device appeared in FreeBSD 2.2.  The early version was taken
     from Theodore Ts'o's entropy driver for Linux.  The current software im-
     plementation, introduced in FreeBSD 5.0, is a complete rewrite by Mark R
     V Murray, and is an implementation	of the Yarrow algorithm	by Bruce
     Schneier, et al.  The only	hardware implementation	currently is for the
     VIA C3 Nehemiah (stepping 3 or greater) CPU.  More	will be	added in the
     future.

     The author	gratefully acknowledges	significant assistance from VIA	Tech-
     nologies, Inc.

BSD			       September 7, 2012			   BSD

---

NAME | SYNOPSIS | DESCRIPTION | RANDOMNESS | FILES | SEE ALSO | HISTORY

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=random&sektion=4&manpath=FreeBSD+8.4-RELEASE>

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact