{
    "mode": "man",
    "parameter": "random",
    "section": "7",
    "url": "https://www.chedong.com/phpMan.php/man/random/7/json",
    "generated": "2026-06-16T03:36:53Z",
    "sections": {
        "NAME": {
            "content": "random - overview of interfaces for obtaining randomness\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "The  kernel  random-number generator relies on entropy gathered from device drivers and other\nsources of environmental noise to seed a cryptographically secure pseudorandom number generator\n(CSPRNG).  It is designed for security, rather than speed.\n\nThe following interfaces provide access to output from the kernel CSPRNG:\n\n*  The /dev/urandom and /dev/random devices, both described in random(4).  These devices have\nbeen present on Linux since early times, and are also available on many other systems.\n\n*  The Linux-specific getrandom(2) system call, available since Linux 3.17.  This system call\nprovides  access  either  to the same source as /dev/urandom (called the urandom source in\nthis page) or to the same source as /dev/random (called the random source in  this  page).\nThe  default  is  the  urandom  source;  the  random  source is selected by specifying the\nGRND_RANDOM flag to the system call.  (The getentropy(3) function provides a slightly more\nportable interface on top of getrandom(2).)\n\nInitialization of the entropy pool\nThe kernel collects bits of entropy from the environment.  When a sufficient number of random\nbits has been collected, the entropy pool is considered to be initialized.\n\nChoice of random source\nUnless you are doing long-term key generation (and most likely not even then),  you  probably\nshouldn't be reading from the /dev/random device or employing getrandom(2) with the GRND_RANDOM\nflag.  Instead, either read from the /dev/urandom device or employ  getrandom(2)  without\nthe  GRND_RANDOM  flag.   The  cryptographic algorithms used for the urandom source are quite\nconservative, and so should be sufficient for all purposes.\n\nThe disadvantage of GRND_RANDOM and reads from /dev/random is that the  operation  can  block\nfor an indefinite period of time.  
Furthermore, dealing with the partially fulfilled requests\nthat can occur when using GRND_RANDOM or when reading from /dev/random  increases  code  complexity.\n\nMonte Carlo and other probabilistic sampling applications\nUsing  these  interfaces  to  provide large quantities of data for Monte Carlo simulations or\nother programs/algorithms which are doing probabilistic sampling will be slow.   Furthermore,\nit is unnecessary, because such applications do not need cryptographically secure random numbers.\nInstead, use the interfaces described in this page to obtain a small amount of data to\nseed a user-space pseudorandom number generator for use by such applications.\n\nComparison between getrandom, /dev/urandom, and /dev/random\nThe following table summarizes the behavior of the various interfaces that can be used to obtain\nrandomness.  GRND_NONBLOCK is a flag that can be used to control the  blocking  behavior\nof  getrandom(2).   The  final column of the table considers the case that can occur in early\nboot time when the entropy pool is not yet initialized.\n\n+--------------+--------------+----------------+--------------------+\n|Interface     | Pool         | Blocking       | Behavior when pool |\n|              |              | behavior       | is not yet ready   |\n+--------------+--------------+----------------+--------------------+\n|/dev/random   | Blocking     | If entropy too | Blocks until       |\n|              | pool         | low, blocks    | enough entropy     |\n|              |              | until there is | gathered           |\n|              |              | enough entropy |                    |\n|              |              | again          |                    |\n+--------------+--------------+----------------+--------------------+\n|/dev/urandom  | CSPRNG out-  | Never blocks   | Returns output     |\n|              | put          |                | from uninitialized |\n|              |              |                | CSPRNG 
(may be low |\n|              |              |                | entropy and un-    |\n|              |              |                | suitable for cryp- |\n|              |              |                | tography)          |\n+--------------+--------------+----------------+--------------------+\n|getrandom()   | Same as      | Does not block | Blocks until pool  |\n|              | /dev/urandom | once pool is   | ready              |\n|              |              | ready          |                    |\n+--------------+--------------+----------------+--------------------+\n|getrandom()   | Same as      | If entropy too | Blocks until pool  |\n|GRND_RANDOM   | /dev/random  | low, blocks    | ready              |\n|              |              | until there is |                    |\n|              |              | enough entropy |                    |\n|              |              | again          |                    |\n+--------------+--------------+----------------+--------------------+\n|getrandom()   | Same as      | Does not block | EAGAIN             |\n|GRND_NONBLOCK | /dev/urandom | once pool is   |                    |\n|              |              | ready          |                    |\n+--------------+--------------+----------------+--------------------+\n|getrandom()   | Same as      | EAGAIN if not  | EAGAIN             |\n|GRND_RANDOM + | /dev/random  | enough entropy |                    |\n|GRND_NONBLOCK |              | available      |                    |\n+--------------+--------------+----------------+--------------------+\nGenerating cryptographic keys\nThe amount of seed material required to generate a cryptographic key equals the effective key\nsize of the key.  
For example, a 3072-bit RSA or Diffie-Hellman private key has an  effective\nkey  size  of 128 bits (it requires about 2^128 operations to break) so a key generator needs\nonly 128 bits (16 bytes) of seed material from /dev/random.\n\nWhile some safety margin above that minimum is reasonable, as a guard against  flaws  in  the\nCSPRNG  algorithm,  no  cryptographic primitive available today can hope to promise more than\n256 bits of security, so if any program reads more than 256 bits (32 bytes) from  the  kernel\nrandom  pool  per  invocation,  or per reasonable reseed interval (not less than one minute),\nthat should be taken as a sign that its cryptography is not skillfully implemented.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "getrandom(2), getauxval(3), getentropy(3), random(4), urandom(4), signal(7)\n",
            "subsections": []
        },
        "COLOPHON": {
            "content": "This page is part of release 5.10 of the Linux  man-pages  project.   A  description  of  the\nproject,  information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\nLinux                                       2017-03-13                                  RANDOM(7)",
            "subsections": []
        }
    },
    "summary": "random - overview of interfaces for obtaining randomness",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "getrandom",
            "section": "2",
            "url": "https://www.chedong.com/phpMan.php/man/getrandom/2/json"
        },
        {
            "name": "getauxval",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/getauxval/3/json"
        },
        {
            "name": "getentropy",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/getentropy/3/json"
        },
        {
            "name": "urandom",
            "section": "4",
            "url": "https://www.chedong.com/phpMan.php/man/urandom/4/json"
        },
        {
            "name": "signal",
            "section": "7",
            "url": "https://www.chedong.com/phpMan.php/man/signal/7/json"
        }
    ]
}