# phpman > man > random(7) [RANDOM(7)](https://www.chedong.com/phpMan.php/man/RANDOM/7/markdown) Linux Programmer's Manual [RANDOM(7)](https://www.chedong.com/phpMan.php/man/RANDOM/7/markdown) ## NAME random - overview of interfaces for obtaining randomness ## DESCRIPTION The kernel random-number generator relies on entropy gathered from device drivers and other sources of environmental noise to seed a cryptographically secure pseudorandom number genera‐ tor (CSPRNG). It is designed for security, rather than speed. The following interfaces provide access to output from the kernel CSPRNG: * The _/dev/urandom_ and _/dev/random_ devices, both described in [**random**(4)](https://www.chedong.com/phpMan.php/man/random/4/markdown). These devices have been present on Linux since early times, and are also available on many other systems. * The Linux-specific [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown) system call, available since Linux 3.17. This system call provides access either to the same source as _/dev/urandom_ (called the _urandom_ source in this page) or to the same source as _/dev/random_ (called the _random_ source in this page). The default is the _urandom_ source; the _random_ source is selected by specifying the **GRND**___**RANDOM** flag to the system call. (The [**getentropy**(3)](https://www.chedong.com/phpMan.php/man/getentropy/3/markdown) function provides a slightly more portable interface on top of [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown).) ### Initialization of the entropy pool The kernel collects bits of entropy from the environment. When a sufficient number of random bits has been collected, the entropy pool is considered to be initialized. ### Choice of random source Unless you are doing long-term key generation (and most likely not even then), you probably shouldn't be reading from the _/dev/random_ device or employing [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown) with the **GRND**___**RAN**‐‐ **DOM** flag. Instead, either read from the _/dev/urandom_ device or employ [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown) without the **GRND**___**RANDOM** flag. The cryptographic algorithms used for the _urandom_ source are quite conservative, and so should be sufficient for all purposes. The disadvantage of **GRND**___**RANDOM** and reads from _/dev/random_ is that the operation can block for an indefinite period of time. Furthermore, dealing with the partially fulfilled requests that can occur when using **GRND**___**RANDOM** or when reading from _/dev/random_ increases code com‐ plexity. ### Monte Carlo and other probabilistic sampling applications Using these interfaces to provide large quantities of data for Monte Carlo simulations or other programs/algorithms which are doing probabilistic sampling will be slow. Furthermore, it is unnecessary, because such applications do not need cryptographically secure random num‐ bers. Instead, use the interfaces described in this page to obtain a small amount of data to seed a user-space pseudorandom number generator for use by such applications. ### Comparison between getrandom, /dev/urandom, and /dev/random The following table summarizes the behavior of the various interfaces that can be used to ob‐ tain randomness. **GRND**___**NONBLOCK** is a flag that can be used to control the blocking behavior of [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown). The final column of the table considers the case that can occur in early boot time when the entropy pool is not yet initialized. ┌──────────────┬──────────────┬────────────────┬────────────────────┐ │**Interface** │ **Pool** │ **Blocking** │ **Behavior** **when** **pool** │ │ │ │ **behavior** │ **is** **not** **yet** **ready** │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │_/dev/random_ │ Blocking │ If entropy too │ Blocks until │ │ │ pool │ low, blocks │ enough entropy │ │ │ │ until there is │ gathered │ │ │ │ enough entropy │ │ │ │ │ again │ │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │_/dev/urandom_ │ CSPRNG out‐ │ Never blocks │ Returns output │ │ │ put │ │ from uninitialized │ │ │ │ │ CSPRNG (may be low │ │ │ │ │ entropy and un‐ │ │ │ │ │ suitable for cryp‐ │ │ │ │ │ tography) │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │**getrandom**() │ Same as │ Does not block │ Blocks until pool │ │ │ _/dev/urandom_ │ once is pool │ ready │ │ │ │ ready │ │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │**getrandom**() │ Same as │ If entropy too │ Blocks until pool │ │**GRND**___**RANDOM** │ _/dev/random_ │ low, blocks │ ready │ │ │ │ until there is │ │ │ │ │ enough entropy │ │ │ │ │ again │ │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │**getrandom**() │ Same as │ Does not block │ **EAGAIN** │ │**GRND**___**NONBLOCK** │ _/dev/urandom_ │ once is pool │ │ │ │ │ ready │ │ ├──────────────┼──────────────┼────────────────┼────────────────────┤ │**getrandom**() │ Same as │ **EAGAIN** if not │ **EAGAIN** │ │**GRND**___**RANDOM** + │ _/dev/random_ │ enough entropy │ │ │**GRND**___**NONBLOCK** │ │ available │ │ └──────────────┴──────────────┴────────────────┴────────────────────┘ ### Generating cryptographic keys The amount of seed material required to generate a cryptographic key equals the effective key size of the key. For example, a 3072-bit RSA or Diffie-Hellman private key has an effective key size of 128 bits (it requires about 2^128 operations to break) so a key generator needs only 128 bits (16 bytes) of seed material from _/dev/random_. While some safety margin above that minimum is reasonable, as a guard against flaws in the CSPRNG algorithm, no cryptographic primitive available today can hope to promise more than 256 bits of security, so if any program reads more than 256 bits (32 bytes) from the kernel random pool per invocation, or per reasonable reseed interval (not less than one minute), that should be taken as a sign that its cryptography is _not_ skillfully implemented. ## SEE ALSO [**getrandom**(2)](https://www.chedong.com/phpMan.php/man/getrandom/2/markdown), [**getauxval**(3)](https://www.chedong.com/phpMan.php/man/getauxval/3/markdown), [**getentropy**(3)](https://www.chedong.com/phpMan.php/man/getentropy/3/markdown), [**random**(4)](https://www.chedong.com/phpMan.php/man/random/4/markdown), [**urandom**(4)](https://www.chedong.com/phpMan.php/man/urandom/4/markdown), [**signal**(7)](https://www.chedong.com/phpMan.php/man/signal/7/markdown) ## COLOPHON This page is part of release 5.10 of the Linux _man-pages_ project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at . Linux 2017-03-13 [RANDOM(7)](https://www.chedong.com/phpMan.php/man/RANDOM/7/markdown)