random(4) Device Drivers Manual random(4)

random, urandom - -

    #include <linux/random.h>

    int ioctl(fd, RNDrequest, param);

/dev/random /dev/urandom ( Linux 1.3.30) , . /dev/random 1 8. /dev/urandom 1 9.

. . .

Linux 3.17 getrandom(2), ; getrandom(2).

/dev/urandom , , . ( , ), .

/dev/urandom . , getrandom(2) /dev/random.

/dev/random , , , /dev/urandom, . , . /dev/random , .

When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered. Since Linux 5.6, the O_NONBLOCK flag is ignored, as /dev/random will no longer block except during the early boot process. In earlier versions, if open(2) is called for /dev/random with the O_NONBLOCK flag, a subsequent read(2) will not block if the requested number of bytes is not available. Instead, the available bytes are returned. If no byte is available, read(2) will return -1 and errno will be set to EAGAIN.

/dev/urandom O_NONBLOCK . read(2) /dev/urandom 256 . EINTR .

Since Linux 3.16, a read(2) from /dev/urandom will return at most 32 MB. A read(2) from /dev/random will return at most 512 bytes (340 bytes before Linux 2.6.12).

/dev/random /dev/urandom , . , , /dev/random.

/dev/random , /dev/urandom; , ; getrandom(2), .

If a seed file is saved across reboots as recommended below, the output is cryptographically secure against attackers without local root access as soon as it is reloaded in the boot sequence, and perfectly adequate for network encryption session keys. (All major Linux distributions have saved the seed file across reboots since 2000 at least.)

Since reads from /dev/random may block, users will usually want to open it in nonblocking mode (or perform a read with timeout), and provide some sort of user notification if the desired entropy is not immediately available.

/dev/random /dev/urandom, :

    mknod -m 666 /dev/random c 1 8
    mknod -m 666 /dev/urandom c 1 9
    chown root:root /dev/random /dev/urandom

Linux- , . . .
, Linux-:

    echo " "
    random_seed=/var/run/random-seed
    # Carry the random seed across reboots:
    # load the saved seed into the pool, then save a fresh one
    if [ -f "$random_seed" ]; then
        cat "$random_seed" >/dev/urandom
    else
        touch "$random_seed"
    fi
    # Keep the seed file readable and writable by its owner only
    chmod 600 "$random_seed"
    # Save as many bytes as the pool holds (4096 bits if poolsize is unreadable)
    poolfile=/proc/sys/kernel/random/poolsize
    [ -r "$poolfile" ] && bits=$(cat "$poolfile") || bits=4096
    bytes=$(expr "$bits" / 8)
    dd if=/dev/urandom of="$random_seed" count=1 bs="$bytes"

, Linux-:

    # Save a seed to the seed file so that it can be reloaded
    # into the pool by the script above
    echo " "
    random_seed=/var/run/random-seed
    touch "$random_seed"
    chmod 600 "$random_seed"
    poolfile=/proc/sys/kernel/random/poolsize
    [ -r "$poolfile" ] && bits=$(cat "$poolfile") || bits=4096
    bytes=$(expr "$bits" / 8)
    dd if=/dev/urandom of="$random_seed" count=1 bs="$bytes"

, Linux 2.6.0 , /proc/sys/kernel/random/poolsize ( ).

/proc

The files in the directory /proc/sys/kernel/random (present since Linux 2.3.16) provide additional information about the /dev/random device:

entropy_avail
    . 0 4096.

poolsize
    . :

    Linux 2.4:
        . 512, , , . -- 32, 64, 128, 256, 512, 1024 2048.

    Linux 2.6 :
        . 4096.

read_wakeup_threshold
    , , /dev/random. 64.

write_wakeup_threshold
    , , select(2) poll(2) /dev/random. , .

uuid boot_id
    , , 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. , .

ioctl(2)

, /dev/random /dev/urandom, ioctl(2), . , /dev/random, /dev/urandom. ( RNDGETENTCNT) CAP_SYS_ADMIN.

RNDGETENTCNT
    , entropy_avail proc. int, .

RNDADDTOENTCNT
    .

RNDGETPOOL
    Linux 2.6.9.

RNDADDENTROPY
    , . /dev/random /dev/urandom , ( ). :

        struct rand_pool_info {
            int    entropy_count;
            int    buf_size;
            __u32  buf[0];
        };

    entropy_count -- ( ) , buf -- buf_size, .

RNDZAPENTCNT RNDCLEARPOOL
    ( ).

/dev/random
/dev/urandom

, , random(7).

/dev/urandom . .

mknod(1), getrandom(2), random(7)

RFC 1750, "Randomness Recommendations for Security"

aereiae , Azamat Hackimov , Dmitriy S. Seregin , Katrin Kutepova , Lockal , Yuri Kozlov , ; GNU 3 , . . , , .

Linux man-pages 6.06 31 2023 . random(4)