SunOS 4.1 /dev/random and /dev/urandom loadable modules.
version 0.06 - 27 June 2002
G. Helffrich/U. Bristol Earth Sciences

These items provide a source of random numbers that is derived from hardware
behavior of the computer and that should be hard to observe from outside the
running system. The source's principal function is to provide OpenSSH with
random numbers for cryptographically encoded data exchange over unprotected
communication channels between computers.

The source is implemented as two devices, /dev/random and /dev/urandom, that
may be read from to get random data and may be written to in order to add
randomness to the existing pool. The difference between /dev/random and
/dev/urandom is that reads from /dev/urandom will never block. A read from
/dev/random will block if there is insufficient entropy in the present pool
to provide the amount of data wanted; the read will block until sufficient
entropy is gathered from the environment.

The items provide:

1. A loadable module driver (random.o) and exec script (random.init) to set
   up /dev/random and /dev/urandom.
2. A daemon (rndd) to start at reboot time that will restore the entropy
   pool from its previous state as of the previous shutdown, and which will
   wait for a shutdown to preserve the current entropy pool state across the
   next shutdown.
3. An include file (sys/random.h) to define the ioctls that interact with
   the pool.
4. A man page entry (random.4) for /dev/random and /dev/urandom.
5. A fragment of an /etc/rc.local script (rc.random) that will load any .o
   files in a prespecified directory as loadable modules early in the boot
   process.

Installation

1. Unpack the tar file.
2. Read the Makefile and edit as appropriate to send the bits listed above
   to their various destinies.
3. make random.o as super-user
4. make test and, if everything is hunky-dory so far,
5. make install

If you want to use the procedure for loading loadable drivers at boot time,
insert rc.random in the proper place in your /etc/rc.local file. There are
two parts in rc.random, one of which should appear early in /etc/rc.local
and the other later, in the main body of daemon startup commands.

Caveats

The principal contributors to entropy are the character and block device
drivers, and the keyboard interrupts and mouse activity that pass through
the kb and ms STREAMS modules to whatever drivers are actively using those
facilities. Block devices used include scsi disk, tape, and cd, and
character devices include "memory" devices (/dev/null, /dev/kmem, /dev/mem),
scsi tape, and pseudo-ttys. On workstations these sources are varied enough,
but on servers only disk accesses and tape use generate significant
randomness.

Acknowledgements

Much of the code is derived from other sources. Theodore Ts'o's Linux device
driver lies at the heart of this implementation. The code further draws upon
Andreas Maier's Solaris /dev/random device driver. These two sources provided
the framework for reverse-engineering the driver to a SunOS 4.x kernel
architecture.
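The boot-time restore and shutdown-time save that item 2 above assigns to rndd, as an added example written for this page; it is not the package's own rndd source. The seed path /var/adm/random-seed, the 512-byte seed size and the fixture helpers are assumptions. The page states only that writes to the devices add randomness to the pool and that /dev/urandom never blocks, which is why the save side reads /dev/urandom rather than /dev/random, where a read could block at shutdown on an entropy-starved server.

```c
/*
 * Seed persistence in the style of the rndd daemon described above.
 * Added example, not the package's own code. Seed path and seed size
 * are assumptions; the page states only that writing to the devices
 * adds randomness to the pool and that /dev/urandom never blocks.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define SEED_BYTES 512                       /* assumed seed size */
#define SEED_FILE  "/var/adm/random-seed"    /* assumed seed path */

/* Copy up to n bytes from fd src to fd dst; returns bytes copied or -1. */
static long copy_bytes(int src, int dst, long n)
{
    char buf[256];
    long done = 0;
    while (done < n) {
        long want = n - done < (long)sizeof buf ? n - done : (long)sizeof buf;
        long r = read(src, buf, (size_t)want);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;                   /* short source: stop here */
        long off = 0;
        while (off < r) {
            long w = write(dst, buf + off, (size_t)(r - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
        done += r;
    }
    return done;
}

/* Boot time: feed the saved seed into the pool by writing it to dev_path. */
long restore_seed(const char *seed_path, const char *dev_path)
{
    int s = open(seed_path, O_RDONLY);
    if (s < 0) return -1;
    int d = open(dev_path, O_WRONLY);
    if (d < 0) { close(s); return -1; }
    long n = copy_bytes(s, d, SEED_BYTES);
    close(s);
    close(d);
    return n;
}

/* Shutdown time: read SEED_BYTES from the non-blocking device into the seed
 * file, created mode 0600 so the saved pool state is readable only by root. */
long save_seed(const char *dev_path, const char *seed_path)
{
    int d = open(dev_path, O_RDONLY);
    if (d < 0) return -1;
    int s = open(seed_path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (s < 0) { close(d); return -1; }
    long n = copy_bytes(d, s, SEED_BYTES);
    close(d);
    close(s);
    return n;
}

/* The seed file must be a regular file with no group/other permission bits;
 * a readable seed file would expose the pool state the next boot starts from. */
int seed_file_is_private(const char *seed_path)
{
    struct stat st;
    if (stat(seed_path, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Fixture helpers (constructed data, for exercising the code without the
 * real devices): write n patterned bytes to path, and report a file's size. */
long write_fixture(const char *path, long n)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    for (long i = 0; i < n; i++) fputc((int)(i * 7 + 3) & 0xff, f);
    fclose(f);
    return n;
}

long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

int main(void)
{
    long got = restore_seed(SEED_FILE, "/dev/random");
    printf("restored %ld bytes into /dev/random\n", got);
    long saved = save_seed("/dev/urandom", SEED_FILE);
    printf("saved %ld bytes to %s\n", saved, SEED_FILE);
    return (got < 0 || saved < 0) ? 1 : 0;
}
```

Run as root, main() restores and then immediately re-saves, which is the daemon's start-of-boot behaviour; the shutdown-time save is the same save_seed call made later. The 0600 check is the practical point: the seed file is the pool's state on disk, so its permissions matter as much as the device's.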