RANDOMD(8) BSD System Manager's Manual RANDOMD(8)NAMErandomd - generate random numbers
SYNOPSISrandomd [-ctv] [-f conf-file]
DESCRIPTION
The randomd daemon opens sockets and accepts requests for random numbers
on one or more local domain sockets. The options available are:
-c Force use of the system cycle counter. This is currently only
supported on Pentimum processors, or better.
-f Use conf-file instead of the default /etc/random.conf configura-
tion file.
-t Force use of the system clock (tick).
-v Produce some verbose output and do not run as a daemon.
When started, the randomd daemon puts itself in the background and de-
taches itself from the controlling tty, unless -v was specified. It runs
at a nice level of 15 to prevent it from competing with normal processes
on the system.
ALGORITHM
The current algorithm used by randomd is to either read the time of day
approximately 60 times a second, using the tv_usec field to obtain 3 bits
of random data, or by reading the system cycle counter approximately 100
times a second to obtain 3 bits of random data. Once 32 bits have been
collected they are stored in a circular queue of 4096 numbers. When re-
quested to produce a random number, the daemon takes the next two unused
numbers out of the queue. If all current numbers in the queue have been
consumed, the DES or MD5 algorithm is optionally used to cyclically en-
crypt a random 64 bit seed. Only the upper 32 bits of the result are re-
turned. The key used to do the cyclical encryption is taken from the
physically first two 32 bit random numbers in the circular queue. This
implies the DES key changes approximately every 11.8 minutes. The seed
which is cyclically encrypted is updated each time a new set of 32 random
bits is generated by the standard generator above. The new bits are al-
ternately placed in the upper and lower 32 bits of the seed. This im-
plies the seed is modified approximately 6 times a second.
CONFIGURATION
If the default configuration file /etc/random.conf is not present and
conf-file is not specified, the default configuration is:
/var/run/random
/var/run/random.ascii ascii
/var/run/random.stream stream
/var/run/random.string stream ascii md5
/var/run/random.des stream des
/var/run/random.md5 stream md5
Each line in the configuration specifies a file name and a set of op-
tions, separated by spaces. The file name specifies the name of the lo-
cal domain socket that will service random number requests. The options
specify how those random numbers will be provided. The options are:
ascii Provide the random numbers in hexadecimal ascii digits.
des If no random numbers are ready, use DES to generate a new
random number.
md5 If no random numbers are ready, use MD5 to generate a new
random number.
stream Normally a single 64 bit result is made available. The
stream option produces as much data as requested by the
client. This is normally combined with either des or md5.
If neither des nor md5 are specified then only numbers generated by the
clock are used.
BUGS
This generator has not been cryptographically examined. It is relatively
uniform and spans the entire 64 bit space. Different processor speeds
may effect the randomness of the data.
COPYRIGHT
Copyright (c) 1995,1996,1999 Paul R. Borman <prb@krystal.com>
All rights reserved.
Permission to use, copy, and modify this software without fee is hereby
granted, provided that this entire notice is included in all copies of
any software which is or includes a copy or modification of this software
and in all copies of the supporting documentation for such software.
THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
WARRANTY. IN PARTICULAR, THE AUTHOR MAKES NO REPRESENTATION OR WARRANTY
OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FIT-
NESS FOR ANY PARTICULAR PURPOSE.
The md5 algorithm is properly known as the RSA Data Security, Inc. MD5
Message-Digest Algorithm and is
Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991.
All rights reserved.
September 18, 1999 2