AIX

  • 1.  /dev/random & /dev/urandom behaviour

    Posted 5 days ago

    Hi there

    I have a strange symptom while using /dev/urandom on different systems with the same os-level being 7200-05-07-2346.

    When I issue the following command (for random password generation)

    Expected behaviour (15 chars) =>
    </dev/urandom tr -dc '\_A-Za-z0-9' | head -c15
    QTzFHfP3iWuwmcn

    on another system

    Strange behaviour (only 2 chars or even nothing) =>
    </dev/urandom tr -dc '\_A-Za-z0-9' | head -c15
    Ck

    I don't see any differences in the device files

    ls -la /dev/*random (good system)
    crw-r--r--    1 root     system       35,  0 Sep 26 04:43AM /dev/random
    crw-r--r--    1 root     system       35,  1 Sep 26 04:43AM /dev/urandom

    ls -la /dev/*random (strange system)
    crw-r--r--    1 root     system       35,  0 Sep 05 09:17 /dev/random
    crw-r--r--    1 root     system       35,  1 Sep 05 09:17 /dev/urandom


    Is there some kind of best practice to re-generate the /dev/*random files? Rebooting didn't change the behaviour at all.

    Thanks in advance and kind regards,

    Stefano



    ------------------------------
    Stefano Calisto
    ------------------------------


  • 2.  RE: /dev/random & /dev/urandom behaviour
    Best Answer

    Posted 5 days ago
    On Thu, Sep 26, 2024 at 06:41:17AM +0000, Stefano Calisto via IBM TechXchange Community wrote:
    > Hi there
    >
    >
    > I have a strange symptom while using /dev/urandom on different systems with the same os-level being 7200-05-07-2346.
    >
    >
    > When I issue the following command (for random password generation)
    >
    >
    > Expected behaviour (15 chars) =>
    >
    > QTzFHfP3iWuwmcn
    >
    >
    > on another system
    >
    >
    > Strange behaviour (only 2 chars or even nothing) =>
    >
    > Ck

    I wonder if that's indicating an exhaustion of the random pool. I know
    in Linux there was a difference between random and urandom, where one
    was cryptographically sound random numbers but very slow to generate,
    and the other was fast pseudo random numbers. The slow one would block
    or not output if there were none available.

    Perhaps you might consider:

    openssl rand -base64 16 | tr -d \=


    ------------------------------------------------------------------
    Russell Adams Russell.Adams@AdamsSystems.nl
    Principal Consultant Adams Systems Consultancy
    https://adamssystems.nl/




  • 3.  RE: /dev/random & /dev/urandom behaviour

    Posted yesterday

    Hi Russell

    Thanks for the input, I will go with this solution as we have also had problems with /dev/random and /dev/urandom in the past.

    Thanks again and kind regards,

    Stefano



    ------------------------------
    Stefano Calisto
    ------------------------------



  • 4.  RE: /dev/random & /dev/urandom behaviour

    Posted 4 days ago

    Some of the details you are after are in the man page for urandom:

           The /dev/urandom device provides a reliable source of random output, however the output will not be generated from an equal amount of random input
           if insufficient input is available. Reads from the /dev/urandom device always return the quantity of output requested without blocking. If
           insufficient random input is available, alternate input will be processed by the random number generator to provide cryptographically secure
           output, the strength of which will reflect the strength of the algorithms used by the random number generator. Output generated without random
           input is theoretically less secure than output generated from random input, so /dev/random should be used for applications for which a high level
           of confidence in the security of the output is required.

    The entropy is generated by the kernel random process (seen with 'ps -elk') and we maintain a high water mark. When the pool is 3/4 full, we will begin to regenerate entropy. This may seem early, but it can take time to regenerate, so we start early. 

    The output can contain binary data. I was able to read it using:

           dd if=/dev/urandom count=15 bs=1 | od -x

    $ dd if=/dev/urandom count=15 bs=1 | od -X
    15+0 records in
    15+0 records out
    15 bytes copied, 0.000100942 s, 149 kB/s
    0000000 f26f6d23 f030c05d 7fd82880 2991c500
    0000017

    Using 'tr' seems to alter it. 



    ------------------------------
    Grover Davidson
    ------------------------------
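The following is an added example, not code from the thread or from IBM. It wraps the two operations discussed above in POSIX sh functions with explicit checks: random_hex reads exactly N bytes from /dev/urandom with a bounded dd read and prints them as hex (the dd | od inspection Grover shows), failing if the read came back short; gen_password builds an N-character [_A-Za-z0-9] password the way Stefano's one-liner does, but reads bounded chunks in a loop and verifies length and alphabet before printing, so a two-character result like "Ck" cannot be handed on silently. check_password can be applied to the output of any generator, including the openssl rand pipeline Russell suggests. The function names, the 64-byte chunk size, the 100-read cap and the use of LC_ALL=C (so tr processes the input byte by byte regardless of the session locale) are my choices; whether locale had anything to do with Stefano's second system is not established in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers around /dev/urandom with
# explicit result checks. Assumes POSIX sh plus dd, od, tr and cut, which
# are present on both AIX and Linux. Chunk size and retry cap are arbitrary.

# Return 0 only if PW is exactly N characters long and contains nothing
# outside [_A-Za-z0-9]. Apply it to whatever generator you settle on.
check_password() {
    pw=$1
    n=$2
    [ "${#pw}" -eq "$n" ] || return 1
    case $pw in
        *[!_A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# Read exactly N bytes from /dev/urandom and print them as lowercase hex.
# The man page says urandom reads never block or come back short; this
# makes that visible by failing (return 1) if fewer bytes arrived.
random_hex() {
    n=$1
    hex=$(dd if=/dev/urandom bs=1 count="$n" 2>/dev/null \
          | od -A n -t x1 | tr -d ' \n')
    # two hex digits per byte
    [ "${#hex}" -eq $((n * 2)) ] || return 1
    printf '%s\n' "$hex"
}

# Build an N-character password restricted to [_A-Za-z0-9].
# The thread's one-liner (</dev/urandom tr -dc '_A-Za-z0-9' | head -c15)
# cannot notice when tr stops early. Here each iteration reads a bounded
# 64-byte chunk, filters it and appends, until N characters are collected.
gen_password() {
    n=$1
    out=""
    tries=0
    while [ "${#out}" -lt "$n" ]; do
        # LC_ALL=C makes tr treat the input as single bytes; under a
        # multibyte locale random bytes may be rejected as invalid sequences.
        chunk=$(dd if=/dev/urandom bs=64 count=1 2>/dev/null \
                | LC_ALL=C tr -dc '_A-Za-z0-9')
        out="$out$chunk"
        tries=$((tries + 1))
        # about 16 usable characters arrive per 64-byte chunk (63 of 256
        # byte values pass the filter), so 100 reads is far more than any
        # sane N needs; give up instead of hanging on a broken device.
        if [ "$tries" -gt 100 ]; then
            return 1
        fi
    done
    pw=$(printf '%s\n' "$out" | cut -c1-"$n")
    # never emit a password that fails its own length/alphabet check
    check_password "$pw" "$n" || return 1
    printf '%s\n' "$pw"
}

# Stand-alone usage: show 8 raw bytes in hex, then one 15-character password.
random_hex 8
gen_password 15
```

Run as a script it prints eight random bytes in hex and one 15-character password; source it to use the functions from other scripts. gen_password only prints after check_password passes, so a caller can rely on its exit status instead of counting characters by eye, which is exactly the check the original tr | head pipeline lacked.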



  • 5.  RE: /dev/random & /dev/urandom behaviour

    Posted yesterday

    Hi Grover

    Thanks for the info, it's really appreciated. Maybe it's really because nothing much is going on on the machine, but using openssl (from the example above) seems to be the better choice.

    Thanks again and kind regards,

    Stefano



    ------------------------------
    Stefano Calisto
    ------------------------------