random - overview of interfaces for obtaining randomness


   The  kernel  random-number  generator  relies  on entropy gathered from
   device drivers and other sources  of  environmental  noise  to  seed  a
   cryptographically secure pseudorandom number generator (CSPRNG).  It is
   designed for security, rather than speed.

   The following interfaces provide  access  to  output  from  the  kernel

   *  The   /dev/urandom   and  /dev/random  devices,  both  described  in
      random(4).  These devices have been present  on  Linux  since  early
      times, and are also available on many other systems.

   *  The  Linux-specific  getrandom(2) system call, available since Linux
      3.17.  This system call provides access either to the same source as
      /dev/urandom (called the urandom source in this page) or to the same
      source as /dev/random (called the random source in this page).   The
      default  is  the  urandom  source;  the random source is selected by
      specifying the GRND_RANDOM flag to the system call.

   Initialization of the entropy pool
   The kernel collects bits of  entropy  from  the  environment.   When  a
   sufficient  number  of random bits has been collected, the entropy pool
   is considered to be initialized.

   Choice of random source
   Unless you are doing long-term key generation (and most likely not even
   then), you probably shouldn't be reading from the /dev/random device or
   employing getrandom(2) with the GRND_RANDOM flag.  Instead, either read
   from  the  /dev/urandom  device  or  employ  getrandom(2)  without  the
   GRND_RANDOM flag.  The cryptographic algorithms used  for  the  urandom
   source  are  quite  conservative,  and  so should be sufficient for all

   The disadvantage of GRND_RANDOM and reads from /dev/random is that  the
   operation  can  block  for  an indefinite period of time.  Furthermore,
   dealing with the partially fulfilled requests that can occur when using
   GRND_RANDOM or when reading from /dev/random increases code complexity.

   Monte Carlo and other probabilistic sampling applications
   Using  these  interfaces  to provide large quantities of data for Monte
   Carlo  simulations  or  other  programs/algorithms  which   are   doing
   probabilistic  sampling  will be slow.  Furthermore, it is unnecessary,
   because such applications do not need cryptographically  secure  random
   numbers.   Instead, use the interfaces described in this page to obtain
   a small amount  of  data  to  seed  a  user-space  pseudorandom  number
   generator for use by such applications.

   Comparison between getrandom, /dev/urandom, and /dev/random
   The  following  table summarizes the behavior of the various interfaces
   that can be used to obtain randomness.  GRND_NONBLOCK is  a  flag  that
   can  be  used  to  control  the blocking behavior of getrandom(2).  The
   final column of the table considers the case that can  occur  in  early
   boot time when the entropy pool is not yet initialized.

   Interface      Pool          Blocking        Behavior when pool 
                                behavior        is not yet ready   
   /dev/random    Blocking      If entropy too  Blocks until       
                  pool          low, blocks     enough entropy     
                                until there is  gathered           
                                enough entropy                     
   /dev/urandom   CSPRNG        Never blocks    Returns output     
                  output                        from uninitialized 
                                                CSPRNG (may be low 
                                                entropy and        
                                                unsuitable for     
   getrandom()    Same as       Does not block  Blocks until pool  
                  /dev/urandom  once is pool    ready              
   getrandom()    Same as       If entropy too  Blocks until pool  
   GRND_RANDOM    /dev/random   low, blocks     ready              
                                until there is                     
                                enough entropy                     
   getrandom()    Same as       Does not block  EAGAIN             
   GRND_NONBLOCK  /dev/urandom  once is pool                       
   getrandom()    Same as       EAGAIN if not   EAGAIN             
   GRND_RANDOM +  /dev/random   enough entropy                     
   GRND_NONBLOCK                available                          
   Generating cryptographic keys
   The amount of seed material required to generate  a  cryptographic  key
   equals  the effective key size of the key.  For example, a 3072-bit RSA
   or Diffie-Hellman private key has an effective key size of 128 bits (it
   requires about 2^128 operations to break) so a key generator needs only
   128 bits (16 bytes) of seed material from /dev/random.

   While some safety margin above that minimum is reasonable, as  a  guard
   against  flaws  in  the  CSPRNG  algorithm,  no cryptographic primitive
   available today can hope to promise more than 256 bits of security,  so
   if  any  program  reads  more  than 256 bits (32 bytes) from the kernel
   random pool per invocation, or per reasonable reseed interval (not less
   than  one minute), that should be taken as a sign that its cryptography
   is not skillfully implemented.


   getrandom(2), random(4), urandom(4), signal(7)


   This page is part of release 4.09 of the Linux  man-pages  project.   A
   description  of  the project, information about reporting bugs, and the
   latest    version    of    this    page,    can     be     found     at


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.