pages tagged encryptionyakkinghttp://yakking.branchable.com/tags/encryption/yakkingikiwiki2016-01-27T12:00:13ZRandom Numbers in Linuxhttp://yakking.branchable.com/posts/random/Will Holland2016-01-27T12:00:13Z2016-01-27T12:00:07Z
<p>If you are writing a game, a simulation, a statistical model or, heaven
forbid, <a href="http://motherboard.vice.com/read/why-you-dont-roll-your-own-crypto">rolling your own encryption</a>, then you will probably want some
random numbers. There is no way for your computer to provide random numbers in
the same way that you can from a fair coin-toss or dice-roll but there are
many ways to get what are called <a href="https://en.wikipedia.org/wiki/Pseudorandomness">pseudorandom numbers</a>. Pseudorandom numbers
are not <a href="http://boallen.com/random-numbers.html">truly random</a> but they are <a href="http://computing.dcu.ie/~humphrys/Notes/Neural/chaos.html">chaotic</a> and difficult to predict.
Linux provides random numbers in two ways, via <code>/dev/random</code> and
<code>/dev/urandom</code>.</p>
<p>The character device <code>/dev/urandom</code> will give a constant stream of
pseudorandom numbers on demand. Try executing <code>od /dev/urandom</code> in your
terminal to see the random bytes it outputs. The device can output a stream of
numbers indefinitely.</p>
<p>The other random number device <code>/dev/random</code> is used differently. If you do
<code>od /dev/random</code> you will notice it output numbers for a while and then
stop. This is because it generates its numbers by drawing from a 'pool' of
randomness that is kept in the kernel. This pool collects events which are
considered random, such as time between keystrokes and mouse movements. When
<code>/dev/random</code> wants to generate a number it takes some <a href="https://en.wikipedia.org/wiki/Entropy_(computing)">entropy</a> from the
pool and use it to make the pseudorandom number it generates less
predictable. However, once the pool has run out of entropy <code>/dev/random</code>
will stop outputting numbers until some more entropy is available. Try running
<code>od /dev/random</code> until the numbers stop and then watch then start up again
by jiggling your mouse around. If you have ever generated a large <a href="https://www.gnupg.org/">gpg</a> key
then you will know what it is like to run out of entropy and need to jiggle
your mouse around for a while. There do exist <a href="http://www.entropykey.co.uk/">other ways</a> to refill your
entropy pool.</p>
<p>Incidentally, <code>/dev/urandom</code> also uses entropy from the same pool if entropy
is available but if none is available then numbers will be generated using an
iterative process with no entropy involved.</p>
<p>It is useful to have an idea of how linux does random numbers but when writing
a program it is unlikely that you will use <code>/dev/random</code> or <code>/dev/urandom</code>
directly; practically all modern programming languages provide you with some
way of getting random numbers. Python, for example, asks <code>/dev/urandom</code>
for random numbers when you use the <code>random</code> module. It is also worth
mentioning that a lot of programming languages will have their own
pseudorandom number generators and not rely on the Linux kernel at all. Such
generators are many and varied and will the covered in a future article.</p>