1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00
freebsd/share/man/man4/random.4
Jens Schweikhardt c1f3e4bf21 Removed whitespace at end-of-line; no content changes. I simply did
cd src/share; find man[1-9] -type f|xargs perl -pi -e 's/[ \t]+$//'

BTW, what editors are the culprits? I'm using vim and it shows
me whitespace at EOL in troff files with a thick blue block...

Reviewed by:	Silence from cvs diff -b
MFC after:	7 days
2001-07-14 19:41:16 +00:00

180 lines
5.3 KiB
Groff

.\" Copyright (c) 2001 Mark R V Murray. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd February 10, 2001
.Dt RANDOM 4
.Os
.Sh NAME
.Nm random
.Nd the entropy device
.Sh DESCRIPTION
The
.Nm
device accepts and reads data as any ordinary (and willing) file,
but throws away any data written to it,
and returns an endless supply of random bytes when read.
.Pp
The only purpose of writing data to
.Nm
is to perturb the internal state.
This perturbation of the internal state
is the only userland method of introducing
extra entropy into the device.
If the writer has superuser privilege,
then closing the device after writing
will make the internal generator reseed itself.
This can be used for extra security,
as it immediately introduces any/all new entropy
into the PRNG.
The
.Nm
device can be controlled with
.Xr sysctl 8 .
.Pp
To see the devices' current settings, use the command line:
.Pp
.Dl sysctl kern.random
.Pp
which results in something like:
.Pp
.Bd -literal -offset indent
kern.random.sys.seeded: 1
kern.random.sys.burst: 20
kern.random.sys.harvest.ethernet: 0
kern.random.sys.harvest.point_to_point: 0
kern.random.sys.harvest.interrupt: 0
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 100
kern.random.yarrow.slowthresh: 160
kern.random.yarrow.slowoverthresh: 2
.Ed
.Pp
All settings are read/write.
.Pp
The
.Va kern.random.sys.seeded
variable indicates whether or not the
.Nm
device is in an acceptably secure state
as a result of reseeding.
If set to 0, the device will block (on read) until the next reseed
(which can be from an explicit write,
or as a result of entropy harvesting).
A reseed will set the value to 1 (non-blocking).
.Pp
The
.Va kern.random.sys.burst
variable instructs the kernel thread
that processes the harvest queue
to
.Xr tsleep 9
briefly after that many events
have been processed.
This helps prevent the random device
from being so compute-bound
that it takes over all processing ability.
A value of zero (0) is treated as
.Em infinity ,
and will only allow the kernel to pause
if the queue is empty.
Only values in the range
.Bq 0..20
are accepted.
.Pp
The
.Va kern.random.sys.harvest.ethernet
variable is used to select LAN traffic as an entropy source.
A zero (0) value means that LAN traffic
is not considered as an entropy source.
Set the variable to one (1)
if you wish to use LAN traffic for entropy harvesting.
.Pp
The
.Va kern.random.sys.harvest.point_to_point
variable is used to select serial line traffic as an entropy source.
(Serial line traffic includes PPP, SLIP and all tun0 traffic.)
A zero (0) value means such traffic
is not considered as an entropy source.
Set the variable to one (1)
if you wish to use it for entropy harvesting.
.Pp
The
.Va kern.random.sys.harvest.interrupt
variable is used to select hardware interrupts
as an entropy source.
A zero (0) value means interrupts
are not considered as an entropy source.
Set the variable to one (1)
if you wish to use them for entropy harvesting.
All interrupt harvesting is setup by the
individual device drivers.
.Pp
The other variables are explained in the paper describing the
.Em Yarrow
algorithm at
.Pa http://www.counterpane.com/yarrow.html .
.Pp
These variables are all limited
in terms of the values they may contain:
.Bl -tag -width "kern.random.yarrow.gengateinterval" -compact -offset indent
.It Va kern.random.yarrow.gengateinterval
.Bq 4..64
.It Va kern.random.yarrow.bins
.Bq 2..16
.It Va kern.random.yarrow.fastthresh
.Bq 64..256
.It Va kern.random.yarrow.slowthresh
.Bq 64..256
.It Va kern.random.yarrow.slowoverthresh
.Bq 1..5
.El
.Pp
Internal
.Xr sysctl 3
handlers force the above variables
into the stated ranges.
.Sh FILES
.Bl -tag -width /dev/random
.It Pa /dev/random
.El
.Sh SEE ALSO
.Xr sysctl 8
.Sh HISTORY
A
.Nm
device appeared in
.Fx 2.2 .
The early version was taken from Theodore Ts'o's entropy driver for Linux.
The current implementation,
introduced in
.Fx 5.0 ,
is a complete rewrite by
.An Mark R V Murray ,
and is an implementation of the
.Em Yarrow
algorithm by Bruce Schneier,
.Em et al .