1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
.\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" Some changes by tytso and aeb.
.\"
.\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
.\" 2004-04-08, AEB, Improved description of read from /dev/urandom
.\" 2008-06-20, George Spelvin <linux@horizon.com>,
.\" Matt Mackall <mpm@selenic.com>
.\" Add a Usage subsection that recommends most users to use
.\" /dev/urandom, and emphasizes parsimonious usage of /dev/random.
.\"
.\" Japanese Version Copyright (c) 1998
.\" ISHIKAWA Mutsumi, all rights reserved.
.\" Translated into Japanese Mon Jan 12 03:20:27 JST 1998
.\" by ISHIKAWA Mutsumi <ishikawa@linux.or.jp>
.\" Japanese Version Last Modified Thu Feb 5 21:08:33 JST 1998
.\" by ISHIKAWA Mutsumi <ishikawa@linux.or.jp>
.\" Updated & Modified Sun Jun 6 14:48:03 JST 2004
.\" by Yuichi SATO <ysato444@yahoo.co.jp>
.\" Updated & Modified Tue Jan 18 04:21:16 JST 2005 by Yuichi SATO
.\" Updated & Modified Fri Apr 22 03:44:01 JST 2005 by Yuichi SATO
.\" Updated 2008-08-13, Akihiro MOTOKI <amotoki@dd.iij4u.or.jp>, LDP v3.05
.\"
.\"WORD: random generator ͥ졼
.\"
.TH RANDOM 4 2008-06-20 "Linux" "Linux Programmer's Manual"
.SH ̾
random, urandom \- ͥǥХ
.SH
(Linux 1.3.30 Ƥ) \fI/dev/random\fP
\fI/dev/urandom\fP 饯ڥե
ͥͥ졼ؤΥե롣
\fI/dev/random\fP եϥ㡼ǥХֹ 1
ޥʡǥХֹ 8 Ǥ롣
\fI/dev/urandom\fP ϥ㡼ǥХֹ 1
ޥʡǥХֹ 9 Ǥ롣
.LP
ͥ졼ϥǥХɥ饤Ф䤽¾θδĶΥ
ȥԡסؽ롣
ޤͥ졼ϥȥԡסΥΥΥӥåȿοͤ
ݻ롣
Υȥԡס뤫롣
.LP
ɤ߹ߤԤȡ
\fI/dev/random\fP
ǥХϥȥԡסΥΥӥåȤοοͤΤ
ХȤΤߤ֤
\fI/dev/random\fP ϥѥå (one-time pad) 丰Τ褦
˹⤤ʼä̵ɬפˤʤӤ˸Ƥ
ȥԡס뤬λϡ\fI/dev/random\fP ɤ߽Фϡ
ʤĶΥޤǡ֥å롣
.LP
\fI/dev/urandom\fP ǥХɤ߽ФǤϡ
ȥԡ⤯ʤΤԤĤΥ֥åϹԤʤ
η̡⤷ȥԡס˽ʬʥȥԡ¸ߤʤ硢
֤ͤϤΥɥ饤ФǻȤƤ륢르ꥺ˴ŤŹ湶Фơ
Ūˤϼ夯ʤ뤳Ȥˤʤ롣
ιɤΤ褦˹ԤȤˤĤƤϡ߸ʸʤɤ
ǤϤʤΤ褦ʹŪ¸߲ǽǤ롣
⤷λۤʤ顢(\fI/dev/urandom\fP ǤϤʤ)
\fI/dev/random\fP ѤФ
.SS Ȥ
.I /dev/random
.I /dev/urandom
ΤɤȤ٤¤ä硢Ƥ
.I /dev/urandom
ȤȻפäƤϤ
̤ˡĹϤäƻȤ GPG/SSL/SSH ΥʳƤΤΤ
.I /dev/urandom
Ѥ٤Ǥ롣
ǿ侩Ƥ褦˺Ƶưե뤬¸
(Ƥμ Linux Υǥȥӥ塼ϾʤȤ 2000 ǯʹߤ
¸褦ˤʤäƤ)ưˤ郎
ƥɤ줿ľ夫顢νϤϥΥ롼ȥǤʤ
ԤФưŹŪ˰ʤΤȤʤꡢͥåȥŹ沽Υå
ȤƻȤˤϴ˺ŬʤΤȤʤ롣
.I /dev/random
ɤ߽Ф (block) ǽΤǡ桼
Υե (non-blocking) ⡼ɤdzȤ
(⤷ϥॢȤꤷɤ߽Ф¹Ԥ)˾٥
ȥԡϤˤѤǤʤˤϡ餫ΤԤȤ
ͥͥ졼ϡŹ浿ͥ졼 (Cryptographic
pseudo-random number generator; CPRNG) μȤƻѤǤ
ʼκ뤿߷פƤ롣
®٤ǤϤʤŻ뤷߷פƤꡢ
ʥǡ̤ΤˤäŬƤʤ
桼
.I /dev/urandom
(
.IR /dev/random )
ɤ߽Фκ̤Ǥ٤Ǥ롣
ΥǥХɬפ̤Υǡɤ߽ФȡΥǥХȤ
¾Υ桼˥ޥʥαƶͿƤޤ
Ź渰Τɬפκ̤ϡμ¸ƱǤ롣
㤨С3072 ӥåȤ RSA Diffie-Hellman ̩μ¸
128 ӥå (̩ˤˤ 2^128 ɬפȤ) Ǥꡢ
ΤḰ郎
.I /dev/random
ɤ߽Фɬפκ̤ 128 ӥå (16 Х) Ǥ롣
CPRNG 르ꥺη٤ФݸȤơκǾͤФƤ餫
ΥޡΤϤäȤѲǽʰŹץߥƥ֤
256 ӥåȤ¿ΰɬפȤ褦ʤΤϤʤ
ư٤ˡ⤷ѹʴֳ (1 ʬûʤ뤳ȤϤʤ)
٤ˡͥס뤫 256 ӥå (32 Х) ꤿɤ߽Ф
褦ʾˤϡΥץΰŹޤơ֤ʤײǽ
ȹͤ٤Ǥ
.SS
ƥˤ餫줿 \fI/dev/random\fP
\fI/dev/urandom\fP ¸ߤʤʤ顢Τ褦ʥޥɤǺǤ롣
.nf
mknod \-m 644 /dev/random c 1 8
mknod \-m 644 /dev/urandom c 1 9
chown root:root /dev/random /dev/urandom
.fi
ڥ졼ʤ Linux ƥबưľϡ
ȥԡסϰճ˳Ѱʾ֤ˤ
ˤꡢȥԡסμºݤΥΥ̤ɾͤ꾯ʤʤ롣
θ̤Ǥäˡåȥ () ưޤǻۤ
ȥԡסξˤʤ롣
ȥԡסۤˤϡ
Linux ƥεư˼¹ԤŬڤʥץȤˡ
ʲιԤɲäФ褤:
.nf
echo "Initializing random number generator..."
random_seed=/var/run/random-seed
# Υȥåפ鼡Υȥåפޤǻۤ
# ɤԤθ塢ƤΥȥԡס¸롣
if [ \-f $random_seed ]; then
cat $random_seed >/dev/urandom
else
touch $random_seed
fi
chmod 600 $random_seed
poolfile=/proc/sys/kernel/random/poolsize
[ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
.fi
ޤLinux ƥΥåȥ˼¹ԤŬڤʥץȤˡ
ʲιԤɲäФ褤:
.nf
# Υåȥ鼡Υȥåפޤǻۤ
# ƤΥȥԡס¸롣
echo "Saving random seed..."
random_seed=/var/run/random-seed
touch $random_seed
chmod 600 $random_seed
poolfile=/proc/sys/kernel/random/poolsize
[ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512
dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
.fi
.SS "/proc ե"
ǥ쥯ȥ
.I /proc/sys/kernel/random
ˤե (2.3.16 ¸ߤ) ϡ
.I /dev/random
ǥХؤΤ¾Υե롣
.LP
ɤ߹ѤΥե
.I entropy_avail
ϻѲǽʥȥԡɽ
̾ 4096 (ӥå) ˤʤꡢȥԡס뤬դξ֤Ǥ롣
.LP
ե
.I poolsize
ϥȥԡסΥɽ
Υեΰ̣ϥͥСˤۤʤ롣
.RS
.TP 12
Linux 2.4:
ΥեϥȥԡסΥ֥Хȡñ̤ǵꤹ롣
̾Υեͤ 512 ˤʤ뤬߲ǽǤꡢ
르ꥺѲǽǤդͤѹǤ롣
ǽͤ 32, 64, 128, 256, 512, 1024, 2048 Ǥ롣
.TP
Linux 2.6:
Υեɤ߽ФѤǤꡢ
ȥԡסΥ֥ӥåȡñ̤ǵꤹ롣
ͤ 4096 Ǥ롣
.RE
.LP
ե
.I read_wakeup_threshold
.I /dev/random
ΥȥԡԤäƵٻߤƤץΤɬפ
ȥԡΥӥåȿݻƤ롣
ǥեȤ 64 Ǥ롣
ե
.I write_wakeup_threshold
ϥȥԡΥӥåȿݻƤꡢͰʲˤʤä
.I /dev/random
ؤνߥΤ
.BR select (2)
ޤ
.BR poll (2)
¹Ԥץ
ͤϥե˽ߤԤȤˤäѹǤ롣
.LP
ɤ߹ѤΥե
.I uuid
.I boot_id
6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9 Τ褦
ʸݻƤ롣
Ԥɤ߹ߤ٤˿졢
Ԥ 1 ٤롣
.SH ե
/dev/random
.br
/dev/urandom
.\" .SH
.\" ͥ롦ʥСͥ졼 Theodora Ts'o
.\" (tytso@athena.mit.edu) ˤäƽ줿
.SH Ϣ
mknod (1)
.br
RFC\ 1750, "Randomness Recommendations for Security"
.\" .SH
.\" <ishikawa@linux.or.jp>
|
