.\" $OpenBSD: arc4random.3,v 1.27 2008/12/23 18:31:02 deraadt Exp $
.\"
.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"      This product includes software developed by Niels Provos.
.\" 4. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd $Mdocdate: December 23 2008 $
.Dt ARC4RANDOM 3
.Os
.Sh NAME
.Nm arc4random ,
.Nm arc4random_buf ,
.Nm arc4random_uniform ,
.Nm arc4random_stir ,
.Nm arc4random_addrandom
.Nd arc4 random number generator
.Sh SYNOPSIS
.Fd #include <stdlib.h>
.Ft u_int32_t
.Fn arc4random "void"
.Ft void
.Fn arc4random_buf "void *buf" "size_t nbytes"
.Ft u_int32_t
.Fn arc4random_uniform "u_int32_t upper_bound"
.Ft void
.Fn arc4random_stir "void"
.Ft void
.Fn arc4random_addrandom "u_char *dat" "int datlen"
.Sh DESCRIPTION
The
.Fn arc4random
function provides a high quality 32-bit pseudo-random
number very quickly.
.Fn arc4random
seeds itself on a regular basis from the kernel strong random number
subsystem described in
.Xr random 4 .
On each call, an ARC4 generator is used to generate a new result.
The
.Fn arc4random
function uses the ARC4 cipher key stream generator,
which uses 8*8 8-bit S-Boxes.
The S-Boxes can be in about (2**1700) states.
.Pp
.Fn arc4random
fits into a middle ground not covered by other subsystems such as
the strong, slow, and resource expensive random
devices described in
.Xr random 4
versus the fast but poor quality interfaces described in
.Xr rand 3 ,
.Xr random 3 ,
and
.Xr drand48 3 .
.Pp
.Fn arc4random_buf
fills the region
.Fa buf
of length
.Fa nbytes
with ARC4-derived random data.
.Pp
.Fn arc4random_uniform
will return a uniformly distributed random number less than
.Fa upper_bound .
.Fn arc4random_uniform
is recommended over constructions like
.Dq Li arc4random() % upper_bound
as it avoids "modulo bias" when the upper bound is not a power of two.
.Pp
The
.Fn arc4random_stir
function reads data using
.Xr sysctl 3
from
.Va kern.arandom
and uses it to permute the S-Boxes via
.Fn arc4random_addrandom .
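.Pp
The modulo bias that arc4random_uniform avoids, shown as an added example that is not part of the original manual page or of the OpenBSD source: it computes the rejection threshold 2**32 % upper_bound, draws with rejection sampling, and verifies the effect exhaustively on an 8-bit analogue.
The names reject_threshold32, uniform32, spread8 and counter_next are assumptions made for this illustration, and counter_next is a constructed stand-in for a real generator.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*rng32_fn)(void);   /* any source of uniform 32-bit words */

/* 2^32 mod n: how many low residues get one extra preimage under "x % n". */
static uint32_t reject_threshold32(uint32_t n)
{
    return n < 2 ? 0 : (uint32_t)(-n) % n;   /* (2^32 - n) % n == 2^32 % n */
}

/* Rejection sampling: discard words below the threshold so the accepted
 * range is an exact multiple of upper_bound. Illustration only; real code
 * should call arc4random_uniform() itself. */
static uint32_t uniform32(rng32_fn next, uint32_t upper_bound)
{
    uint32_t min = reject_threshold32(upper_bound), r;
    if (upper_bound < 2)
        return 0;
    do {
        r = next();
    } while (r < min);
    return r % upper_bound;
}

/* Exhaustive check on an 8-bit analogue (256 words instead of 2^32), for
 * 1 <= n <= 256: gap between the most and least frequent result. */
static unsigned spread8(unsigned n, int reject)
{
    unsigned counts[256] = {0}, min = 256 % n, lo = 256, hi = 0, x;
    for (x = 0; x < 256; x++)
        if (!reject || x >= min)
            counts[x % n]++;
    for (x = 0; x < n; x++) {
        if (counts[x] < lo) lo = counts[x];
        if (counts[x] > hi) hi = counts[x];
    }
    return hi - lo;
}

/* Constructed stand-in source for the demo: counts 0, 1, 2, ... */
static uint32_t counter_state;
static uint32_t counter_next(void) { return counter_state++; }

int main(void)
{
    printf("2^32 %% 6 = %u; 8-bit spread for n=6: modulo %u, rejection %u\n",
           (unsigned)reject_threshold32(6), spread8(6, 0), spread8(6, 1));
    printf("first accepted draw: %u\n", (unsigned)uniform32(counter_next, 6));
    return 0;
}
```

A threshold of zero, as for any power-of-two bound, means no word is ever rejected and the plain modulo is already uniform.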
.Pp
There is no need to call
.Fn arc4random_stir
before using
.Fn arc4random ,
since
.Fn arc4random
automatically initializes itself.
.Sh RETURN VALUES
These functions are always successful, and no return value is
reserved to indicate an error.
.Sh SEE ALSO
.Xr rand 3 ,
.Xr rand48 3 ,
.Xr random 3
.Sh HISTORY
An algorithm called
.Pa RC4
was designed by RSA Data Security, Inc.
It was considered a trade secret.
Because it was a trade secret, it obviously could not be patented.
A clone of this was posted anonymously to USENET and confirmed to
be equivalent by several sources who had access to the original cipher.
Because of the trade secret situation, RSA Data Security, Inc. could
do nothing about the release of the
.Ql Alleged RC4
algorithm.
Since
.Pa RC4
was trademarked, the cipher is now referred to as
.Pa ARC4 .
.Pp
These functions first appeared in
.Ox 2.1 .