HP-UX 11i Version 1.6 Release Notes
Programming
Strong Random Number Generator
Chapter 7
Impact
The random number generator and device interface space requirements are very small.
When loaded, it uses less than 100Kb of memory. For security reasons, this feature does
not store state or initialization data on disk or other permanent device. The DLKM and
configuration files take less than 100Kb on disk.
Compatibility
It is intended that the /dev/[u]random read() interfaces provide transparent binary
compatibility for applications developed on Linux. This feature depends on HP-UX 11i
v1.6 external interrupt handling modifications to extract informational entropy, and is
not backward compatible with previously released kernels. It is not dependent on
optional hardware or software.
The various ioctl() commands available with the Linux /dev/random device are not
available with this feature. These commands do not appear to be of general use to
applications. Their usefulness is mostly for investigating performance and production.
The Linux capability to write() to the /dev/random internal buffering within the kernel
is also not available, since it could potentially constitute a security problem.
For verification of internal entropy, a single ioctl(2) command is provided with HP-UX
11i v1.6 to retrieve random data from internal buffering. When data is retrieved using
this command, an AES encryption algorithm is bypassed so that generated data can be
tested for true randomness.
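An added example, not taken from the release notes or from HP: a C helper that obtains random bytes through the read() interface only, which is the part described above as compatible with Linux. The function name read_random is an assumption made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf with len bytes from a random device such as /dev/urandom.
 * Uses only open(), read() and close(): no ioctl() and no write() to the
 * device, so the same code works where those Linux extras are absent.
 * Returns 0 on success, -1 on error (errno is set). */
int read_random(const char *path, void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (n == 0) {              /* unexpected EOF from the device */
            close(fd);
            errno = EIO;
            return -1;
        }
        p += n;                    /* short read: keep going */
        len -= (size_t)n;
    }
    return close(fd);
}

int main(void)
{
    unsigned char key[16];
    if (read_random("/dev/urandom", key, sizeof key) != 0) {
        perror("read_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```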
Performance
The performance impact to external interrupt handling, even when the random number
generator is heavily utilized, is very small - much less than 1% of the overhead
associated with interrupt handling.
Obsolescence
Not applicable.
Documentation
The operational characteristics are described in the random(7) manpage that is
installed as part of this feature.