Poster of Linux kernelThe best gift for a Linux geek
IPSEC_RANBITS

IPSEC_RANBITS

Section: 22 Aug 2000 (8) Updated: 11/14/2008
Local index Up
 

NAME

ipsec_ranbits - generate random bits in ASCII form  

SYNOPSIS

ipsec ranbits [--quick] [--continuous] [--bytes] nbits
 

DESCRIPTION

Ranbits

obtains nbits (rounded up to the nearest byte) high-quality random bits from random(4), and emits them on standard output as an ASCII string. The default output format is datatot(3) h format: lowercase hexadecimal with a 0x prefix and an underscore every 32 bits.

The --quick option produces quick-and-dirty random bits: instead of using the high-quality random bits from /dev/random, which may take some time to supply the necessary bits if nbits is large, ranbits uses /dev/urandom, which yields prompt results but lower-quality randomness.

The --continuous option uses datatot(3) x output format, like h but without the underscores.

The --bytes option causes nbits to be interpreted as a byte count rather than a bit count.  

FILES

/dev/random, /dev/urandom  

SEE ALSO

ipsec_datatot(3), random(4)  

HISTORY

Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer.  

BUGS

There is an internal limit on nbits, currently 20000.

Without --quick, ranbits's run time is difficult to predict. A request for a large number of bits, at a time when the system's entropy pool is low on randomness, may take quite a while to satisfy.

Though not a bug of ranbits, the direct use of /dev/hw_random, the Linux hardware random number generator is not supported because it can produce very non-random data. To properly use /dev/hw_random, the rngd daemon should be used to read from /dev/hw_random and write to /dev/random, while performing a FIPS test on the hardware random read. No changes to Openswan are required for this support - just a running rngd.


 

Index

NAME
SYNOPSIS
DESCRIPTION
FILES
SEE ALSO
HISTORY
BUGS

This document was created by man2html, using the manual pages.
Time: 22:01:49 GMT, April 16, 2011