.\"	$OpenBSD: random.4,v 1.34 2019/09/28 14:57:36 deraadt Exp $
.\"
.\" Copyright (c) 1996, 1997 Michael Shalayeff
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 28 2019 $
.Dt RANDOM 4
.Os
.Sh NAME
.Nm random ,
.Nm urandom
.Nd random data source device
.Sh SYNOPSIS
.In sys/types.h
.In dev/rndvar.h
.Sh DESCRIPTION
The
.Nm urandom
device produces high quality pseudo-random output data without ever
blocking.
.Pp
Entropy data stored previously is provided to the kernel during the
boot sequence and used as inner-state of a stream cipher.
High quality data is available immediately upon kernel startup.
System activity (such as disk, network, and clock device interrupts),
and hardware random generator output is collected, whitened with a crc
and hash, then periodically folded together with stream cipher
inner-state and outer-state to create a new inner state.
Reads from all consumers (including the kernel itself, which makes many
requests per second) are sliced from the same output stream, which carves
the stream cipher output unpredictably and helps improve forward and
backtracking protection beyond the strength of the stream cipher.
.Pp
The
.Nm urandom
device is intended to be used in scripts.
In C programs, use the
.Xr arc4random 3
family of functions instead, which can be called in almost all
coding environments, including
.Xr pthreads 3 ,
.Xr chroot 2 ,
.Xr pledge 2 ,
and
.Xr unveil 2 ,
and which avoids accessing a filesystem device every time.
.Pp
For portability reasons, never use
.Pa /dev/random .
On
.Ox ,
it is an alias for
.Pa /dev/urandom ,
but on many other systems misbehaves by blocking because their
random number generators lack a robust boot-time initialization sequence.
.Sh FILES
.Bl -tag -width /dev/urandom -compact
.It Pa /dev/urandom
.El
.Sh SEE ALSO
.Xr arc4random 3 ,
.Xr amdpm 4 ,
.Xr glxsb 4 ,
.Xr pchb 4 ,
.Xr arc4random 9
.Sh HISTORY
A
.Nm
device first appeared in Linux in 1994.
The
.Nm random
and
.Nm urandom
devices have been available since
.Ox 2.0 .
.Sh BUGS
No randomness testing suite provided.
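.Sh EXAMPLES
The following shell functions are an added example, not part of the original manual page, showing the script use of
.Pa /dev/urandom
that DESCRIPTION recommends: a hex token and an integer in a range drawn without modulo bias.
The function names rand_hex and rand_below are assumptions of this example.

```shell
#!/bin/sh
# Added example: script-side use of /dev/urandom (never /dev/random).
# rand_hex and rand_below are names chosen for this example.

# rand_hex N: print N random bytes as 2*N lowercase hex digits.
rand_hex() {
	# od -An drops the offset column, -N limits the read to N bytes,
	# -tx1 prints one byte per field; tr keeps only the hex digits.
	od -An -N "$1" -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# rand_below N: print a uniform integer in [0, N), 1 <= N <= 2^32.
# A plain "r % N" is biased whenever N does not divide 2^32, so draws
# at or above the largest multiple of N are rejected and redrawn.
rand_below() {
	n=$1
	# Accept only a decimal number without a leading zero (no octal).
	case $n in
	''|0*|*[!0-9]*) return 1 ;;
	esac
	[ "$n" -le 4294967296 ] || return 1
	limit=$(( 4294967296 / n * n ))
	while :; do
		# One unsigned 32-bit value, 4 bytes read per attempt.
		r=$(od -An -N4 -tu4 /dev/urandom | tr -dc '0-9')
		[ -n "$r" ] || return 1
		if [ "$r" -lt "$limit" ]; then
			echo $(( r % n ))
			return 0
		fi
	done
}

# Usage: a 128-bit token and a die roll in 1..6.
echo "token: $(rand_hex 16)"
echo "die:   $(( $(rand_below 6) + 1 ))"
```

Shell arithmetic wider than 32 bits is assumed, as on 64-bit systems.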