{
    "mode": "man",
    "parameter": "RAND",
    "section": "7",
    "url": "https://www.chedong.com/phpMan.php/man/RAND/7/json",
    "generated": "2026-05-30T11:54:26Z",
    "sections": {
        "NAME": {
            "content": "RAND - the OpenSSL random generator\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "Random numbers are a vital part of cryptography, they are needed to provide unpredictability\nfor tasks like key generation, creating salts, and many more.  Software-based generators must\nbe seeded with external randomness before they can be used as a cryptographically-secure\npseudo-random number generator (CSPRNG).  The availability of common hardware with special\ninstructions and modern operating systems, which may use items such as interrupt jitter and\nnetwork packet timings, can be reasonable sources of seeding material.\n\nOpenSSL comes with a default implementation of the RAND API which is based on the\ndeterministic random bit generator (DRBG) model as described in [NIST SP 800-90A Rev. 1]. The\ndefault random generator will initialize automatically on first use and will be fully\nfunctional without having to be initialized ('seeded') explicitly.  It seeds and reseeds\nitself automatically using trusted random sources provided by the operating system.\n\nAs a normal application developer, you do not have to worry about any details, just use\nRANDbytes(3) to obtain random data.  Having said that, there is one important rule to obey:\nAlways check the error return value of RANDbytes(3) and do not take randomness for granted.\nAlthough (re-)seeding is automatic, it can fail because no trusted random source is available\nor the trusted source(s) temporarily fail to provide sufficient random seed material.  In\nthis case the CSPRNG enters an error state and ceases to provide output, until it is able to\nrecover from the error by reseeding itself.  For more details on reseeding and error\nrecovery, see EVPRAND(7).\n\nFor values that should remain secret, you can use RANDprivbytes(3) instead.  This method\ndoes not provide 'better' randomness, it uses the same type of CSPRNG.  The intention behind\nusing a dedicated CSPRNG exclusively for private values is that none of its output should be\nvisible to an attacker (e.g., used as salt value), in order to reveal as little information\nas possible about its internal state, and that a compromise of the \"public\" CSPRNG instance\nwill not affect the secrecy of these private values.\n\nIn the rare case where the default implementation does not satisfy your special requirements,\nthe default RAND internals can be replaced by your own EVPRAND(3) objects.\n\nChanging the default random generator should be necessary only in exceptional cases and is\nnot recommended, unless you have a profound knowledge of cryptographic principles and\nunderstand the implications of your changes.\n",
            "subsections": []
        },
        "DEFAULT SETUP": {
            "content": "The default OpenSSL RAND method is based on the EVPRAND deterministic random bit generator\n(DRBG) classes.  A DRBG is a certain type of cryptographically-secure pseudo-random number\ngenerator (CSPRNG), which is described in [NIST SP 800-90A Rev. 1].\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "RANDbytes(3), RANDprivbytes(3), EVPRAND(3), RANDget0primary(3), EVPRAND(7)\n",
            "subsections": []
        },
        "COPYRIGHT": {
            "content": "Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use this file except in\ncompliance with the License.  You can obtain a copy in the file LICENSE in the source\ndistribution or at <https://www.openssl.org/source/license.html>.\n\n\n\n3.0.2                                        2026-04-07                                   RAND(7SSL)",
            "subsections": []
        }
    },
    "summary": "RAND - the OpenSSL random generator",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "RANDbytes",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RANDbytes/3/json"
        },
        {
            "name": "RANDprivbytes",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RANDprivbytes/3/json"
        },
        {
            "name": "EVPRAND",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPRAND/3/json"
        },
        {
            "name": "RANDget0primary",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/RANDget0primary/3/json"
        },
        {
            "name": "EVPRAND",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/EVPRAND/7/json"
        }
    ]
}