HP-UX 11i Version 2 Release Notes (October 2003)
Security
Strong Random Number Generator
Chapter 7
189
The /dev/random device interface provides random, unpredictable binary sequences
through the standard read system call. This read blocks temporarily whenever the
kernel-resident device buffer holds too little entropy to guarantee the highest level of
unpredictability. The /dev/urandom device interface has the advantage of a non-blocking
read call, but its output may carry much less entropy per byte than that provided by
/dev/random. This device interface also provides non-reproducible random data, but it
relies on cryptographic hashing to guarantee a non-blocking source of random numbers.
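The following C program is an added illustration of the read(2) behaviour described above; it is not code from the HP-UX release notes. It reads a fixed number of bytes from either device, coping with the short reads and EINTR that any read of a character device can return, and, when the caller opens /dev/random with O_NONBLOCK, waits with poll(2) on EAGAIN instead of spinning while the kernel buffer refills. The device paths come from the page; the function names, the O_NONBLOCK/poll handling (standard POSIX usage assumed to apply) and the distinct-byte sanity check are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly len bytes from fd. Returns 0 on success, -1 on error or EOF.
 * Short reads and EINTR are retried. If fd is non-blocking and the device has
 * no entropy to hand out yet (EAGAIN), block in poll() until it is readable. */
static int read_full(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;
            continue;
        }
        if (n == 0)
            return -1;                     /* unexpected EOF on a random device */
        if (errno == EINTR)
            continue;                      /* interrupted by a signal: retry */
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            struct pollfd p = { fd, POLLIN, 0 };
            if (poll(&p, 1, -1) < 0 && errno != EINTR)
                return -1;
            continue;                      /* device is readable again */
        }
        return -1;
    }
    return 0;
}

/* Fill buf with len bytes from the device at path ("/dev/random" or
 * "/dev/urandom"). nonblocking=1 opens the device with O_NONBLOCK, which only
 * matters for /dev/random. Returns 0 on success, -1 on failure. */
int get_random_bytes(const char *path, int nonblocking, unsigned char *buf, size_t len)
{
    int flags = O_RDONLY | (nonblocking ? O_NONBLOCK : 0);
    int fd = open(path, flags);
    if (fd < 0)
        return -1;
    int rc = read_full(fd, buf, len);
    close(fd);
    return rc;
}

/* Crude sanity check, not a statistical test: number of distinct byte values
 * in buf. A buffer that is all one value indicates a broken read, not entropy. */
int distinct_bytes(const unsigned char *buf, size_t len)
{
    int seen[256] = { 0 };
    int count = 0;
    for (size_t i = 0; i < len; i++)
        if (seen[buf[i]]++ == 0)
            count++;
    return count;
}

int main(void)
{
    unsigned char key[32];
    /* /dev/urandom never blocks, so a blocking open is fine for it. */
    if (get_random_bytes("/dev/urandom", 0, key, sizeof key) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("read %zu bytes from /dev/urandom, %d distinct values\n",
           sizeof key, distinct_bytes(key, sizeof key));
    return 0;
}
```

For a long-lived key the caller would use "/dev/random" with nonblocking=1 so that the wait for entropy is an explicit poll() rather than an indefinite stall inside read(); for session nonces /dev/urandom is the usual choice.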
The /dev/[u]random read interfaces are intended to provide transparent binary
compatibility for applications developed on Linux. However, the various ioctl
commands available with the Linux /dev/random device are not available with this
feature; these commands do not appear to be of general use to applications. The Linux
capability to write to /dev/random, which feeds user-supplied data into the kernel's
internal buffering, is also not available, since it could potentially constitute a
security problem.
More information can be found in the random(7) manpage.
Impact
Space requirements are very small. When loaded, it uses less than 100KB of memory.
For security reasons, this feature does not store state or initialization data on disk or
other permanent devices. The DLKM and configuration files take less than 100KB on
disk.
Compatibility
There are no compatibility issues.
Performance
The performance impact to external interrupt handling, even when the strong random
number generator is heavily utilized, is very small—much less than 1% of the overhead
associated with interrupt handling.
Documentation
More information can be found in the random(7) manpage.
Obsolescence
Not applicable.