/Dev/random and/dev/urandom notes, devurandom

Source: Internet
Author: User

/Dev/random and/dev/urandom notes, devurandom
1. Basic Introduction

/Dev/random and/dev/urandom are random Pseudo devices provided in Linux. The tasks of these two devices are to provide random byte data streams that are never empty. Many decryption and security applications (such as SSH Keys and SSL Keys) require random data streams they provide.

The difference between the two devices is that the/dev/random pool depends on the system interruption. Therefore, when the number of system interruptions is insufficient, the/dev/random device will be blocked all the time, the process to be read enters the waiting state until the number of system interruptions is sufficient. The/dev/random device can ensure the randomness of data. /Dev/urandom does not rely on the system interruption, so it does not cause the process to wait, but the data randomness is not high.

You can use the cat command to read the data streams of/dev/random and/dev/urandom (binary data streams, which are hard to read). You can use the od command to convert the data streams to hexadecimal format and view them:



During the cat process, it was found that the/dev/random generation speed is relatively slow, sometimes there will be a large pause, and the/dev/urandom generation speed is very fast, there is basically no pause.

Using the dd command to copy data streams from these devices, we can find that the speed varies greatly:

Read 1 kb byte streams from/dev/random:


Read 1 kb byte streams from/dev/urandom:


Through program testing, it is also found that the more the/dev/random Device is read, the slower its response.

When mcrypt is extended using PHP encryption, The mcrypt_create_iv () function is used to create an initial vector (initialization vector) from a random source. The signature of this function is:

string mcrypt_create_iv ( int $size [, int $source = MCRYPT_DEV_URANDOM ] )

Note that $ source is the second parameter of the function. In versions earlier than PHP 5.6.0, this parameter defaults to MCRYPT_DEV_RANDOM. That is, mcrypt_create_iv obtains random data sources from the/dev/random Device by default. When the number of system concurrency is high, the system cannot provide enough interruptions, which will cause the access process to suspend (LOCK) and thus fail to respond normally.

A simple test script is as follows:

1 <? Php2 define ("MCRYPT_KEY", "x90! -= Zo2s "); 3 $ src =" test "; 4 5 $ size = mcrypt_get_iv_size (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB); 6 $ iv = mcrypt_create_iv ($ size ); 7 $ encrypted = mcrypt_ecb (MCRYPT_BLOWFISH, MCRYPT_KEY, $ src, MCRYPT_DECRYPT, $ iv); // 5.5 + deprecated, please test with the latest API

We have previously found that the output of the cat/dev/random data stream has a large pause. When the concurrency is large, the read process may wait or even fail to respond.

Fortunately, we can specify the second parameterMCRYPT_DEV_URANDOMForce/dev/urandom to use random data streams (/dev/urandom is used as the random data source by default in PHP 5.6.0 + ).

2. Other Purposes of/dev/random and/dev/random

1. These two pseudo devices can be used to generate random temporary file names instead of mktemp:

cat /dev/urandom |od –x | tr –d  ' '| head –n 1

A 128-bit temporary file name can be generated, which has high randomness and security.

2. The footprint generated by SSH-keygen can be simulated. The script is as follows:

 1 #/bin/sh - 2 cat /dev/urandom | 3 od -x | 4 head -n 1| 5 cut -d ' ' -f 2- | 6 awk -v ORS=":"  7 '{ 8     for(i=1; i<=NF; i++){ 9         if(i == NF){10             ORS = "\n";11         }12         print substr($i,1,2) ":" substr($i,3,2);13     }14 }'

A brief explanation of the script:

(1). cat/dev/urandom | od-x | head-n 1 is used to read a data stream from a random device and convert it to hexadecimal. The output of this section is similar:


(2) because the first column is actually the data offset and is not a random data stream, use cut to retrieve the following fields again: cut-d ''-f 2-

(3). Use awk program output. ORS is the built-in variable of awk. It refers to the output record delimiter. The default value is \ n.

Script output result:


Is it quite similar to the footprint generated by ssh-keygen? : D


How to Use the dd command in linux to create a windows USB flash drive?

Linux dd Command [Magic command used to create a usb disk boot disk] linux dd command Burn Boot usb disk detailed explanation dd command is very convenient to do usb boot disk, only need: sudo
Dd if = xxx. iso of =/dev/sdb bs = 1 M
Before using the preceding commands, you must uninstall the USB flash drive. sdb is your USB flash drive, and bs = 1 m is the block size. The subsequent values are large, and the write speed is relatively small, but not infinite, I usually select 2 M. Note that the block is completed after the command is executed, but the USB flash disk is still flashing. If it is not flashed, it will be safely removed.
Note: Your image must support the dd command.
Dd command.
Dd is a very useful command in Linux/UNIX. It is used to copy an object with a specified size block and perform the specified conversion at the same time.
1. if = File Name: Enter the file name. The default value is standard input. Specifies the source file. <If = input file>
2. of = File Name: name of the output file. The default value is standard output. Specifies the target file. <Of = output file>
3. ibs = bytes: Read bytes at a time, that is, specify the size of a block to bytes.
Obs = bytes: outputs bytes at a time, that is, specify a block size as bytes.
Bs = bytes: set the size of the read/output block to bytes at the same time.
4. cbs = bytes: bytes are converted at a time, that is, the size of the conversion buffer zone is specified.
5. skip = blocks: the blocks are skipped from the beginning of the input file and then copied.
6. seek = blocks: the blocks are skipped from the beginning of the output file and then copied.
Note: It is valid only when the output file is a disk or tape, that is, it is backed up to a disk or tape.
7. count = blocks: copy only blocks. The block size is equal to the number of bytes specified by ibs.
8. conv = conversion: Convert the file with the specified parameter.
Ascii: Convert ebcdic to ascii
Ebcdic: Convert ascii to ebcdic
Ibm: Convert ascii to alternate ebcdic
Block: converts each row to the length of cbs. spaces are used to fill the remaining parts.
Unblock: the length of each row is cbs, and the remaining part is filled with spaces.
Lcase: converts uppercase to lowercase.
Ucase: converts lowercase to uppercase.
Swab: swap each pair of input bytes
Noerror: Do not stop when an error occurs
Notrunc: the output file is not truncated.
Sync: Fill each input block into ibs bytes, and fill the remaining part with null (NUL) characters.
Edit this dd application instance.
1. Back up the local/dev/hdb to/dev/hdd.
Dd if =/dev/hdb of =/dev/hdd
2. Back up the full/dev/hdb data to the image file in the specified path.
Dd if =/dev/hdb of =/root/image
3. Restore the backup file to the specified disk.
Dd if =/root/image of =/dev/hdb
4. Back up/dev/hdb full data, compress it with gzip, and save it to the specified path.
Dd if =/dev/hdb | gzip>/root/image.gz
5. Restore the compressed backup file to the specified disk.
Gzip-dc/root/image.gz | dd of =/dev/hdb
6. Backup the MBR information of the first 512 bytes starting from the disk to the specified file.
Dd if =/dev/hda of =... the remaining full text>

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.