HP-UX 11i Version 2 Release Notes (October 2003)
Security
Strong Random Number Generator
Chapter 7
On a system which has been converted to use Shadow Passwords, the only applications
that can be affected are those that either use the getpwent/getpwnam interfaces, or
directly access the password field of the /etc/passwd file with the assumption that
password and aging information resides there. Every password field is set to x, and the
corresponding encrypted password is stored in the /etc/shadow file, which is accessible
only by privileged users.
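The following C program is an added example, not code from the release notes or from HP. It shows a shadow-aware replacement for code that assumes the hash is in the password field returned by getpwnam. It assumes getspnam is the by-name lookup documented with getspent (3C); the names lookup_hash, field_is_shadowed and pw_source are hypothetical.

```c
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

/* Where the encrypted password was found, or why it could not be read. */
enum pw_source { PW_NO_USER, PW_IN_PASSWD, PW_IN_SHADOW, PW_SHADOW_DENIED };

/* After conversion, every /etc/passwd password field is the literal "x". */
static int field_is_shadowed(const char *field)
{
    return field != NULL && strcmp(field, "x") == 0;
}

/* Copy the encrypted password for `user` into out; report its source. */
enum pw_source lookup_hash(const char *user, char *out, size_t outlen)
{
    struct passwd *pw = getpwnam(user);
    const char *hash;
    enum pw_source src = PW_IN_PASSWD;

    if (outlen > 0)
        out[0] = '\0';
    if (pw == NULL)
        return PW_NO_USER;
    hash = pw->pw_passwd;
    if (field_is_shadowed(hash)) {
        /* getspnam() fails for unprivileged callers: /etc/shadow is protected. */
        struct spwd *sp = getspnam(user);
        if (sp == NULL)
            return PW_SHADOW_DENIED;
        hash = sp->sp_pwdp;
        src = PW_IN_SHADOW;
    }
    snprintf(out, outlen, "%s", hash != NULL ? hash : "");
    return src;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "no such user", "hash in /etc/passwd",
        "hash in /etc/shadow", "shadowed; /etc/shadow needs privilege" };
    char hash[256];
    enum pw_source src = lookup_hash(argc > 1 ? argv[1] : "root", hash, sizeof hash);

    /* Report only where the hash lives; never print the hash itself. */
    printf("%s\n", label[src]);
    return src == PW_NO_USER;
}
```

An application that compared pw_passwd directly against a crypt result would see only "x" after conversion; the PW_SHADOW_DENIED path is what an unprivileged caller hits.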
Performance
There are no performance issues.
Documentation
The following manpages have been updated appropriately:
• pwconv (1M)
• pwunconv (1M)
• pwck (1M)
• passwd (1)
• getspent (3C)
• putspent (3C)
• passwd (4)
• shadow (4)
• security (4)
Obsolescence
Not applicable.
Strong Random Number Generator
The HP-UX 11i v2 Strong Random Number Generator provides a secure, non-reproducible
source of binary sequences for applications that generate encryption keys and other
cryptographic quantities. It extracts informational entropy from sub-microsecond timing
data associated with external interrupts. In contrast to pseudo-random number
generators such as random (3M), this feature does not depend on computationally
deriving random sequences from seed values, and is truly unpredictable. It provides a
higher degree of security for cryptographic applications.
Summary of Change
The Strong Random Number Generator is new in HP-UX 11i v2. This feature is provided
as a Dynamically Loadable Kernel Module (DLKM) that can be configured into or
removed from the HP-UX kernel without rebooting the system. The only requirement
is that the /dev/random and /dev/urandom devices are not in use during removal
or upgrade. Installation, upgrade, and removal can be completed without system
downtime.