random

Generator of secure random data

Note:
  • The slogger2 daemon must be running before you start random.
  • You must be root or have the right abilities to start this service.

Syntax:

random [-hpt] [-i #] [-l library[:init_string]] [-m mode] [-s path] [-U string]

Runs on:

QNX Neutrino

Options:

-h
Show the usage message.
-i#
Use interrupt number # as a source for entropy. You may specify more than one interrupt, to a maximum of 32.
-l library[:init_string]
Load the given library either to use it as the only source of entropy or to get more entropy if another source is specified. The value of init_string depends on the library.
-m mode
Specify the permissions, in octal, for the entry under /dev.

(QNX Neutrino 7.0 or later) The default permissions on these files are 0666, to allow non-root users to contribute entropy.

-p
Poll system information from /proc for entropy.
-s path
Save the state of the service in the given file, so that it can be reloaded when random is next started.

(QNX Neutrino 7.0 or later) The state is saved whenever you write to the /dev/random or /dev/urandom resource manager, or after 8192 reseedings.

-t
Use the high-performance clock as an entropy source.
-U string
(QNX Neutrino 6.6 or later) Once running, run as the specified user, so that the program doesn't need to run as root. The string can be in one of these forms:
  • uid[:gid[,sup_gid]*]
  • user_name[,sup_gid]*

In the second form, the primary group is the one specified for user_name in /etc/passwd.

Description:

The random service runs in the background providing a source of secure, pseudo-random data suitable for encryption and security. The service builds its internal pool of pseudo-random data from entropy sources specified when it is started. These sources may include timers, interrupts, and detailed system runtime information. The service makes this random data available by providing device entries that any application can read:

  • /dev/random
  • /dev/urandom

These device entries provide the same functionality.

The user controls all of the sources to be used to collect entropy by specifying source options on the command line.

Note: Using interrupts as sources imposes an overhead on system performance. When using the -i option, you might want to minimize the impact of this overhead by specifying only one or two interrupts from low interrupt rate devices such as disk drivers and input/serial devices.

Examples:

Start the random service using three PC interrupts as sources:

random -i12 -i14 -i15

From an application, read 4 bytes of random data like this:

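#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

int main( void )
{
    int data;
    int fd;

    fd = open( "/dev/random", O_RDWR );
    if( fd == -1 )
    {
        exit( 1 );
    }

    /* A failed or short read leaves data unset; treat it as an error. */
    if( read( fd, &data, sizeof( data ) ) != (ssize_t) sizeof( data ) )
    {
        close( fd );
        exit( 1 );
    }
    close( fd );
    return 0;
}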
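
A more defensive form of the read above, as an added example that is not part of the original documentation: the hypothetical helper read_random_bytes() fails closed when the device entry is missing (random did not start), is not a character device, or returns fewer bytes than requested. It assumes the entries created by random report as character devices.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes from the device at path.
 * Returns 0 on success, -1 on any failure; the caller must not use buf
 * after a failure. */
int read_random_bytes( const char *path, void *buf, size_t len )
{
    unsigned char *p = buf;
    struct stat st;
    int fd;

    /* The entry is absent if random failed to start: fail closed. */
    fd = open( path, O_RDONLY );
    if( fd == -1 )
    {
        return -1;
    }

    /* Assumption: the entry reports as a character device. Refuse
     * anything else, such as a regular file left at the same path. */
    if( fstat( fd, &st ) == -1 || !S_ISCHR( st.st_mode ) )
    {
        close( fd );
        return -1;
    }

    while( len > 0 )
    {
        ssize_t n = read( fd, p, len );
        if( n > 0 )
        {
            p += n;
            len -= (size_t) n;
        }
        else if( n == 0 || errno != EINTR )
        {
            close( fd );
            return -1;   /* end of file or a real error */
        }
        /* n == -1 with EINTR: retry the read */
    }

    close( fd );
    return 0;
}
```

Call it as read_random_bytes( "/dev/random", key, sizeof( key ) ) and abort key generation on a return of -1 rather than continuing with whatever the buffer holds.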

Exit status:

0
The random data is available from /dev/random and /dev/urandom.
Any other value
An error occurred; /dev/random and /dev/urandom aren't created.

Errors:

If an error occurs, random sends a description of the error to slogger2 and doesn't create /dev/random or /dev/urandom.

Contributing author:

The random service uses the core algorithm from the Fortuna pseudo-random number generator (PRNG) devised by Bruce Schneier and Niels Ferguson.

Caveats:

The random service doesn't work unless you specify at least one source for entropy, using the -p, -t, -i, or -l options.