/dev/random and /dev/urandom are character device files on Linux that are random number generators that provide random numbers to the system
<h1 class="pgc-h-arrow-right" data-track="2" > the importance of random numbers</h1>
Random numbers are important in calculations. TCP/IP sequence numbers, cipher salts, and DNS source port numbers all rely on random numbers.
In cryptography, randomness is everywhere, from the generation of keys to the way cryptographic systems are attacked and even the way cryptographic systems are attacked. There is no randomness, and all cryptographic operations are predictable and therefore insecure.
<h1 class="pgc-h-arrow-right" data-track="5" > the principle of random number generation</h1>
In order to be as random as possible, the random number generator collects various data in the system environment, such as: mouse movement, keyboard input, terminal connection and disconnection, audio and video playback, system interruption, memory CPU usage, and so on
The generator puts the collected environmental data into a pool ( entropy pool ) and then deflects and bleaches the data, the main purpose of which is to make the data more disordered, more difficult to guess or predict
After having a large amount of environmental data, each time a random number is taken, the specified sequence of bytes is read from the pool, and these byte sequences are the random numbers generated by the generator
<h1 class="pgc-h-arrow-right" data-track="9" > structure of the random number generator</h1>
The following figure is the structure of a random number generator
The structure of the entire generator is divided into collectors, main entropy pools, sub-entropy pools, urandom entropy pools, and counters
Collector
The collector collects the ambient noise in the system, such as: mouse, keyboard, interrupt events, memory, CPU, etc., collects and deflects in batches, bleaches and enters the main entropy pool
Main entropy pool
The primary entropy pool receives the environment data passed by the collector in size of 512 bytes (4098 binary bits), which provides random numbers for sub-entropy pools and urandom entropy pools
On Linux, you can view the current system master entropy pool size in the number of binary bits by following the command below
Sub-entropy pool
/dev/random Device-dependent, 128 bytes in size, it is blocking
urandom entropy pool
It is related to the /dev/urandom device, which is 128 bytes in size and is non-blocking
counter
The primary entropy pool, the sub-entropy pool, and the urandom entropy pool each have a counter, recorded by an integer value, representing the number of random numbers available in the current entropy pool, which is an estimated value that the generator estimates based on the environmental data in the entropy pool
When a new random number is added to the entropy pool, the counter count corresponding to the entropy pool increases, and when the random number in the entropy pool is taken out, the entropy pool counter count decreases
<h1 class="pgc-h-arrow-right" data-track="25" > output interface</h1>
Generators mainly have three interfaces: /dev/random, /dev/urandom, and get_random_bytes().
/dev/random、/dev/urandom
Both device files can be accessed from user space, even for regular users, and they return a random number of the specified number of requests
get_random_bytes()
Interfaces for kernel use only return a random number for the specified number of requests, and this interface is not discussed for the time being
<h1 class="pgc-h-arrow-right" data-track="31" > request a random number flow</h1>
Now, if the application layer calls /dev/random and /dev/urandom to request N random binary bits, respectively, their processing process is as follows:
/dev/urandom
Urandom entropy pool counter count will subtract N, if the result is greater than or equal to 0, take N random binary bits directly from the urandom entropy pool and return, if the result is less than 0, the request will not block, but return N pseudo random binary bits, where the pseudo random binary bits are calculated algorithmically, its quality is not as high as the random binary bit extracted from the urandom entropy pool
/dev/random
The sub-entropy pool counter subtracts N, and if the result is greater than or equal to 0, take N random binary bits directly from the sub-entropy pool and return
If the result is less than 0, the remaining required random binary bits are first extracted from the main entropy pool, and the main entropy pool counter subtracts the corresponding value while returning N random binary bits
If the sum of the counters of both the primary and secondary entropy pools is not enough N, the action to read the random binary bits is blocked until there are enough random binary bits in the sub-entropy pool
<h1 class="pgc-h-arrow-right" Data-track="39" >/dev/random, /dev/urandom</h1>
/dev/urandom It returns a random number of the specified number of requests, and if the number of requests is very large, the returned random number may be a pseudo-random number, and the random number quality is slightly worse, but even so, they are sufficient for most applications
/dev/random is also a random number that returns a specified number of requests, but the random number it produces is of high quality, is a true random number, and is mainly used where high-quality random numbers are needed, such as generating encryption keys.
To guarantee the quality of the random number, /dev/random can only return the maximum random binary bit currently available in the entropy pool, and when a request exceeds this value, it blocks until there are enough random binary bits in the entropy pool
<h1 class="pgc-h-arrow-right" data-track="43" > pseudo-random and true random</h1>
Pseudo-random and true random are mentioned above, where "true" and "pseudo" are relative
Pseudo-random numbers are calculated algorithmically, which only has computational randomness
True random numbers come from various environmental noise data in the system, and then use algorithm confusion to think that they are completely random, with real randomness and computational randomness
However, for some miniature Linux systems, its ambient noise is very small, and the noise type is relatively fixed, the probability of being guessed will be greatly increased, then its true randomness is greatly reduced, then the randomness of the random numbers it produces and pseudo-random numbers are almost the same
<h1 class="pgc-h-arrow-right" data-track="48" > which random number generator to use</h1>
/dev/random and /dev/urandom are two random number generators on Linux, so which one do we use in our application, and according to what principles to choose?
To be clear, both /dev/random and /dev/urandom produce random numbers that are extracted from the same pool of entropy (the primary entropy pool), and only behave differently when the respective entropy pools are exhausted: /dev/random blocks, while /dev/urandom does not, but it returns an algorithmically calculated pseudo-random number
There is a rule that /dev/random produces random numbers of high quality, mainly for some security aspects, and it is blocking, which is unacceptable for most applications
For /dev/urandom, when the entropy pool counter is sufficient, it produces true random numbers, when the count is not enough, it produces pseudo-random numbers, and most importantly, it does not block, and for the vast majority of applications, pseudo-random numbers can also meet the needs very well
<h1 class="pgc-h-arrow-right" data-track="53" > summary</h1>
This article mainly introduces the principles and differences between /dev/random and /dev/urandom under Linux, please consult the man documentation or refer to the links below for more details
https://eprint.iacr.org/2006/086.pdf
https://hal.inria.fr/hal-00738638/document