About random numbers in linux

Source: Internet
Author: User
Tags random seed
For details about random numbers in linux-general Linux technology-Linux programming and kernel, see the following. In linux, you can use the rand function to obtain random numbers. However, you must set the seed. Otherwise, the pseudo-random number will become a pseudo-random number. Set the seed. Generally, you can use the time function to return the current time. Generally speaking, this approach is basically enough, because although we use random numbers, it is almost impossible to guess our seeds from the hundreds of millions of seeds due to different seeds.

But if our seed algorithm is known, it will obviously not work. Of course, it doesn't matter as some applications. For example, we need to randomly draw a pig on the screen. There is almost no one who cares about the next result of such an application. However, some applications may be different. In other words, some games also need to consider the security of random numbers.

The simple method is that our seeds are also represented by random numbers. However, it seems that there is a problem with chicken or eggs. Fortunately, linux provides us with a "real" random number. In the kernel, linux maintains occasional data and provides users with access interfaces. This is called a real random number because the data comes from accidental operations on the computer, such as hard disk operations, keyboard operations, and mouse operations, these operations are more real than pseudo-random numbers generated by fixed algorithms. Here we have a cool name called entropy ". The interfaces provided by the kernel are/dev/random and/dev/urandom devices. The difference between the two is that during reading, random will certainly return a number. If there is not enough data, it will block. Urandom does not block, but does not guarantee that the returned data is suitable.

In the following code, the init_random function is used to generate a Random Seed. Then, you can directly call rand to obtain a random number. The reason why the system reads 512 times and then combines them all is because the urandom device does not guarantee that each read is real data.

Another function, my_rand, is to directly read the random device to obtain a real random number. In this way, each time is a real random number, but the problem is that if the system's "entropy" is not enough, the program will be blocked. This method can be used for applications with high security requirements. If "entropy" is not enough, we can manually "CREATE" Some entropy. For example, in the following program, if you do not perform any operation, the program may stop the output after several random numbers are output. This is a busy process that you run on another terminal, such as "find /", we will find that our program starts to output random numbers continuously.

There are many examples of using the random device. For example, gpg will keep you typing the key until it is satisfied. For kernels later than 2.4, you can use the proc file system interface to obtain more information about the random device, for example,/proc/sys/kernel/random/entropy_avail can know how many "entropy" can be used in the system. Running our example, we can find that this value is reduced to a single digit at once until the program is blocked. Another file is also very interesting, that is,/proc/sys/kernel/random/uuid. Through this interface, you can easily obtain the truly unique uuid.

There is something to say about the random device, that is, system security. Some people can crack some information through the system startup process or the entropy generated by the system running for a certain period of time. This sounds very advanced, but theoretically it is entirely possible. Although the random device obtains entropy through system noise, if the two systems start completely the same, the entropy generated during the START process is of course the same. However, we do not need to worry about these security vulnerabilities because the current system has related patches.
QUOTE:
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.