Linux kernel devices

Linux provides two devices:

  • /dev/random: RNG, block when there is no more true random bytes
  • /dev/urandom: PRNG, fast

Kernel configuration

Options:

CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y
CONFIG_HW_RANDOM_GEODE=y
CONFIG_HW_RANDOM_VIA=y

Feed the device

  • Move your mouse
  • Use your keyboard (write random text to /dev/null)

Example of commands:

find / &>/dev/null           # 50 bytes/seconde
dd if=/dev/hda of=/dev/null  # 15 bytes/seconde
hdparm -t /dev/hda           # 10 bytes/seconde

Control devices with /proc

Files of the directory /proc/sys/kernel/random:

  • poolsize: Entropy pool size in bytes
  • entropy_avail: Estimation of available entropy... bits or bytes?
  • read_wakeup_threshold: number of bits
  • write_wakeup_threshold: number of bits
  • boot_id: UUID generated once at boot
  • uuid: generate an UUID at each read

PRNG

Files: crypto/ansi_cprng.c, crypto/krng.c, crypto/rng.c

Neil Horman implemented ANSI X9.31 (Appendix A.2.4) using AES 128 cipher in Linux 2.6.28.

See also