Thanks for the info, it's really appreciated. Maybe it's really because nothing much is going on on the machine but using openssl (from the example above) seems to be the better choice.
Original Message:
Sent: Fri September 27, 2024 12:51 PM
From: Grover Davidson
Subject: /dev/random & /dev/urandom behaviour
Some of the details you are after are in the man page for urandom:
The /dev/urandom device provides a reliable source of random output, however the output will not be generated from an equal amount of random input
if insufficient input is available. Reads from the /dev/urandom device always return the quantity of output requested without blocking. If
insufficient random input is available, alternate input will be processed by the random number generator to provide cryptographically secure
output, the strength of which will reflect the strength of the algorithms used by the random number generator. Output generated without random
input is theoretically less secure than output generated from random input, so /dev/random should be used for applications for which a high level
of confidence in the security of the output is required.
The entropy is generated by the kernel random process (seen with 'ps -elk') and we maintain a high water mark. When the pool is 3/4 full, we will begin to regenerate entropy. This may seem early, but it can take time to regenerate it so we start early.
The output can contain binary data. I was able to read it using:
dd if=/dev/urandom count=15 bs=1 | od -x
$ dd if=/dev/urandom count=15 bs=1 | od -X
15+0 records in
15+0 records out
15 bytes copied, 0.000100942 s, 149 kB/s
0000000 f26f6d23 f030c05d 7fd82880 2991c500
0000017
Using 'tr' seems to alter it.
------------------------------
Grover Davidson
Original Message:
Sent: Thu September 26, 2024 02:41 AM
From: Stefano Calisto
Subject: /dev/random & /dev/urandom behaviour
Hi there
I have a strange symptom while using /dev/urandom on different systems with the same os-level being 7200-05-07-2346.
When I issue the following command (for random password generation)
Expected behaviour (15 chars) =>
</dev/urandom tr -dc '\_A-Za-z0-9' | head -c15
QTzFHfP3iWuwmcn
on another system
Strange behaviour (only 2 chars or even nothing) =>
</dev/urandom tr -dc '\_A-Za-z0-9' | head -c15
Ck
I don't see any differences in the device files
ls -la /dev/*random (good system)
crw-r--r-- 1 root system 35, 0 Sep 26 04:43AM /dev/random
crw-r--r-- 1 root system 35, 1 Sep 26 04:43AM /dev/urandom
ls -la /dev/*random (strange system)
crw-r--r-- 1 root system 35, 0 Sep 05 09:17 /dev/random
crw-r--r-- 1 root system 35, 1 Sep 05 09:17 /dev/urandom
Is there some kind of best practice to re-generate the /dev/*random files? Reboot didn't change the behaviour at all.
Thanks in advance and kind regards,
Stefano
------------------------------
Stefano Calisto
------------------------------
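Added example, not part of the thread and not from any poster: a POSIX sh function that builds the 15-character password from the same alphabet (_A-Za-z0-9) by reading /dev/urandom through dd and od, as in the reply above, so no raw binary passes through tr. It does not diagnose the short output seen with tr; the function name gen_password, the batch size of 64 bytes and the optional source argument are assumptions of this sketch.

```sh
#!/bin/sh
# Alphabet from the thread: '_', A-Z, a-z, 0-9 = 63 symbols.
CHARSET='_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

# gen_password LEN [SOURCE]
# Prints LEN characters drawn uniformly from CHARSET, or fails with
# status 1 instead of silently returning a short string.
gen_password() {
    want=$1
    src=${2:-/dev/urandom}
    out=''
    while [ "${#out}" -lt "$want" ]; do
        # od turns the raw bytes into unsigned decimal text, so everything
        # after this point is plain ASCII (-v: never collapse repeated lines).
        bytes=$(dd if="$src" bs=1 count=64 2>/dev/null | od -An -v -t u1) || return 1
        [ -n "$bytes" ] || { echo "no data read from $src" >&2; return 1; }
        for b in $bytes; do
            # Rejection sampling: 252 = 4 * 63, so bytes 252..255 are
            # discarded to keep every symbol equally likely.
            [ "$b" -lt 252 ] || continue
            idx=$(( b % 63 + 1 ))
            out=$out$(printf '%s' "$CHARSET" | cut -c"$idx")
            [ "${#out}" -lt "$want" ] || break
        done
    done
    printf '%s\n' "$out"
}

gen_password 15
```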