Linux random number generation: /dev/random and /dev/urandom

Source: Internet
Author: User

/dev/random and /dev/urandom are random number generation devices provided by UNIX systems. Many applications need random numbers from these devices, for example for SSH keys, SSL keys and TCP/IP sequence numbers.

The random pool of the random device is fed by interrupts (IRQs). IRQs are bound to specific hardware, and the interrupts raised by that hardware are supplied to the random device. On Linux, cat /proc/interrupts shows which devices are bound to which IRQ:

    [oracle@test oracle]$ cat /proc/interrupts
    CPU0 CPU1 CPU2 CPU3
    0: 135 0 301721845 IO-APIC-edge timer
    1: 0 0 0 54 IO-APIC-edge keyboard
    0 0 0 0 XT-PIC cascade
    8: 0 0 0 1 IO-APIC-edge rtc
    14: 0 0 0 2 IO-APIC-edge ide0
    16: 0 0 0 40 IO-APIC-level USB-uhci
    18: 0 0 0 0 IO-APIC-level USB-uhci
    19: 0 0 0 0 IO-APIC-level USB-uhci
    23: 0 0 2257 IO-APIC-level ide2, EHCI-HCD
    25: 0 0 0 29 IO-APIC-level ioc1
    26: 0 0 0 29 IO-APIC-level ioc0
    48: 0 0 0 2151823972 IO-APIC-level eth0
    82: 0 0 339588855 IO-APIC-level megaraid
    NMI: 0 0 0 0
    LOC: 301720634 301720634 301720634 301720633
    ERR: 0
    MIS: 0

Next, we simulate a situation in which a process reads from /dev/random but /dev/random does not have enough values. In that case, the process reading the values waits until enough random values are available.

    [root@csdba ~]# time dd if=/dev/random of=1.dmp bs=1024k count=100

The dd process hangs, waiting for enough random values. Trace what the process is doing:

    [root@csdba ~]# ps -ef | grep dd
    root 4749 4156 0 00:00:00 pts/1 dd if=/dev/random of=1.dmp bs=1024k count=100
    root 4753 4634 0 00:00:00 pts/3 grep dd
    [root@csdba ~]# strace -p 4749
    Process 4749 attached - interrupt to quit
    read(0,

The dd process is waiting to read enough random numbers. From the interrupt listing above we can see that the eth0 NIC is bound to an IRQ, so when we perform network transmission the NIC delivers many interrupts to /dev/random. We therefore use scp to send a file to this machine:

    [oracle@csdbc oracle]$ scp 1.dmp root@10.0.100.115:/
    root@10.0.100.115's password:
    1.dmp 100% |*************************************************************************

Then go back to the strace window. strace has ended, that is, dd has completed:

    read(0, "e\347\276m\274\33\227-iz5\330\264\245\260z\326\'\376\266"..., 1048576) = 44
    write(1, "e\347\276m\274\33\227-iz5\330\264\245\260z\326\'\376\266"..., 44) = 44
    munmap(0xb7cb5000, 1060864) = 0
    open("/usr/share/locale.alias", O_RDONLY) = 3
    fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7db7000
    read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
    read(3, "", 4096) = 0
    close(3) = 0
    munmap(0xb7db7000, 4096) = 0
    open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
    write(2, "0+100 records in\n", 17) = 17
    write(2, "0+100 records out\n", 18) = 18
    close(0) = 0
    close(1) = 0
    exit_group(0) = ?
    Process 4749 detached

Now check the dd window:

    [root@csdba ~]# time dd if=/dev/random of=1.dmp bs=1024k count=100

    0+100 records in
    0+100 records out

    real 4m19.484s
    user 0m0.000s
    sys 0m0.004s

dd has finished. This also verifies that /dev/random generates random numbers based on IRQs. Having looked at /dev/random, now check /dev/urandom:

    [root@csdba ~]# time dd if=/dev/urandom of=1.dmp bs=1024k count=100
    100+0 records in
    100+0 records out

    real 0m21.758s
    user 0m0.002s
    sys 0m21.752s

Obviously, /dev/urandom differs from /dev/random. /dev/urandom is not restricted by interrupts: even when there are not enough interrupts, it can still produce enough output values through its random number generator, so it does not cause dd to hang.

Another interesting point: when we run time dd if=/dev/random of=1.dmp bs=1024k count=100 on Linux, dd hangs, but it can be stopped with Ctrl+C or the kill command, because dd on Linux works in user mode. If we run dd if=/dev/random of=1.dmp bs=1024k count=100 on AIX, however, the dd process occupies a CPU by itself: when dd reads one block (bs), it enters kernel mode and cannot be interrupted by Ctrl+C or kill -9. Only after a full block has been read does control return to the user. So if the bs value is too large, dd cannot read enough values from /dev/random and stays in kernel mode, consuming the CPU until /dev/random provides new values. Because dd is handled differently on AIX and Linux, /dev/urandom is usually used on AIX to generate random numbers.
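
In the strace output above, read() returned 44 bytes for a 1048576-byte request and dd reported "0+100 records in": dd counted each short read as one (partial) record, so count=100 did not yield 100 full blocks. The shell sketch below is an added example, not part of the original article; slow_source is a constructed stand-in for a starved /dev/random, and iflag=fullblock assumes GNU dd.

```shell
#!/bin/sh
# Constructed stand-in for a /dev/random that is short of data (assumption,
# not from the article): emits $1 chunks of 4 bytes with a pause before
# each one, so every read() issued by dd comes back short.
slow_source() {
    chunks=$1
    i=0
    while [ "$i" -lt "$chunks" ]; do
        sleep 0.2
        printf 'abcd'
        i=$((i + 1))
    done
}

# Bytes actually delivered when dd is asked for $2 records of $1 bytes.
# Without fullblock, each short read uses up one unit of count.
dd_plain_bytes() {
    slow_source 8 | dd bs="$1" count="$2" 2>/dev/null | wc -c | tr -d ' '
}

# Number of partial records, taken from dd's own "F+P records in" summary
# (the same line that reads "0+100 records in" in the session above).
dd_partial_records() {
    slow_source 8 | dd bs="$1" count="$2" 2>&1 >/dev/null |
        sed -n 's/^[0-9]*+\([0-9]*\) records in$/\1/p'
}

# Same request with iflag=fullblock: dd keeps reading until each record
# is full, so the output is bs * count bytes.
dd_fullblock_bytes() {
    slow_source 8 | dd bs="$1" count="$2" iflag=fullblock 2>/dev/null |
        wc -c | tr -d ' '
}

echo "plain:     $(dd_plain_bytes 16 2) bytes"
echo "partial:   $(dd_partial_records 16 2) records"
echo "fullblock: $(dd_fullblock_bytes 16 2) bytes"
```

When a fixed amount of random data is required (a key file, for instance), check the size of the output file or the "records in" line rather than assuming bs * count bytes were written.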
