Manualshelf

HP-UX Strong Random Number Generator vB.11.11.07 Product Note

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
12345678910
HP-UX Strong Random Number Generator
What is HP-UX Strong Random Number Generator?
Chapter 1
2
For a single, unattended processor with a very light workload, the strong random
number generator will typically produce over 60 bytes per second of random data.
The production rate scales upward with both number of processors and system
workload.
/dev/random
The /dev/random file is the standard blocking interface for fetching random data.
This is a read-only interface that is transparently compatible with Linux-developed
applications, such as SSH. The read (2) system call will not return until the
requested amount of random data, up to 256 bytes, has been collected internally.
This interface returns the highest quality random data. The informational entropy is
not diluted between the collection mechanism and the data returned to the
requestor. If multiple requests for random data are received simultaneously, there
can be a delay of several seconds or more before a request is completed. As an
additional security measure, the data is hashed, using the AES encryption algorithm
before it is delivered to the requestor.
/dev/urandom
The /dev/urandom file is the standard non-blocking interface for fetching random
data. When application performance outweighs the benefit of having the highest
quality random data, popular cryptographic applications prefer the /dev/urandom
interface. By hashing internal buffer contents with the AES encryption algorithm
immediately before the data is delivered, this interface removes any correlation with
previously returned data. Reinitialization of internal buffering by the random data
collection mechanism occurs at least every minute to guarantee that the output
remains unpredictable. Data provided to the requestor through this interface
displays a random profile. While, in theory, the informational entropy may be lower
than that provided by the /dev/random interface, but in practice, the output is
indistinguishable.
NOTE The B.11.11.07 version of KRNG fixes the problem found in the B.11.11.06 version.
The problem was with the dependence of KRNG on loadmods (4) for correctly
generating the special files, /dev/random and /dev/urandom, for each system boot.
If the line “rng” is erased, unpredictable failures can occur when open (2) or read (2)
is attempted on the /dev/random and /dev/urandom special files.
Where to Find Information
For detailed information about KRNG11i, see the random (7) manual page and the
/usr/include/sys/random.h header file, installed with this product.