| rand.3 (206048) | rand.3 (215698) |
|---|---|
| 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 | 1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) |
| 2.\" 3.\" Standard preamble: 4.\" ======================================================================== | 2.\" 3.\" Standard preamble: 4.\" ======================================================================== |
| 5.de Sh \" Subsection heading 6.br 7.if t .Sp 8.ne 5 9.PP 10\fB\\$1\fR 11.PP 12.. | |
| 13.de Sp \" Vertical space (when we can't use .PP) 14.if t .sp .5v 15.if n .sp 16.. 17.de Vb \" Begin verbatim text 18.ft CW 19.nf 20.ne \\$1 21.. 22.de Ve \" End verbatim text 23.ft R 24.fi 25.. 26.\" Set up some character translations and predefined strings. \*(-- will 27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text 10.ft CW 11.nf 12.ne \\$1 13.. 14.de Ve \" End verbatim text 15.ft R 16.fi 17.. 18.\" Set up some character translations and predefined strings. \*(-- will 19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left |
| 28.\" double quote, and \*(R" will give a right double quote. | will give a 29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to 30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' 31.\" expand to `' in nroff, nothing in troff, for use with C<>. 32.tr \(*W-|\(bv\*(Tr | 20.\" double quote, and \*(R" will give a right double quote. \*(C+ will 21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and 22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, 23.\" nothing in troff, for use with C<>. 24.tr \(*W- |
| 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 34.ie n \{\ 35. ds -- \(*W- 36. ds PI pi 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 39. ds L" "" 40. ds R" "" 41. ds C` "" 42. ds C' "" 43'br\} 44.el\{\ 45. ds -- \|\(em\| 46. ds PI \(*p 47. ds L" `` 48. ds R" '' 49'br\} 50.\" | 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 26.ie n \{\ 27. ds -- \(*W- 28. ds PI pi 29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 31. ds L" "" 32. ds R" "" 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' 41'br\} 42.\" |
| 43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\" |
|
| 51.\" If the F register is turned on, we'll generate index entries on stderr for | 47.\" If the F register is turned on, we'll generate index entries on stderr for |
| 52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index | 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
| 53.\" entries marked with X<> in POD. Of course, you'll have to process the 54.\" output yourself in some meaningful fashion. | 49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion. |
| 55.if \nF \{\ | 51.ie \nF \{\ |
| 56. de IX 57. tm Index:\\$1\t\\n%\t"\\$2" 58.. 59. nr % 0 60. rr F 61.\} | 52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" 54.. 55. nr % 0 56. rr F 57.\} |
| 58.el \{\ 59. de IX 60.. 61.\} |
|
| 62.\" | 62.\" |
| 63.\" For nroff, turn off justification. Always turn off hyphenation; it makes 64.\" way too many mistakes in technical documents. 65.hy 0 66.if n .na 67.\" | |
| 68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 69.\" Fear. Run. Save yourself. No user-serviceable parts. 70. \" fudge factors for nroff and troff 71.if n \{\ 72. ds #H 0 73. ds #V .8m 74. ds #F .3m 75. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 124. ds Th \o'LP' 125. ds ae ae 126. ds Ae AE 127.\} 128.rm #[ #] #H #V #F C 129.\" ======================================================================== 130.\" 131.IX Title "rand 3" | 63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m 70. ds #[ \f1 --- 48 unchanged lines hidden (view full) --- 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "rand 3" |
| 132.TH rand 3 "2010-03-24" "0.9.8n" "OpenSSL" | 127.TH rand 3 "2010-11-16" "0.9.8p" "OpenSSL" 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh |
| 133.SH "NAME" 134rand \- pseudo\-random number generator 135.SH "SYNOPSIS" 136.IX Header "SYNOPSIS" 137.Vb 1 138\& #include <openssl/rand.h> | 132.SH "NAME" 133rand \- pseudo\-random number generator 134.SH "SYNOPSIS" 135.IX Header "SYNOPSIS" 136.Vb 1 137\& #include <openssl/rand.h> |
| 139.Ve 140.PP 141.Vb 1 | 138\& |
| 142\& int RAND_set_rand_engine(ENGINE *engine); | 139\& int RAND_set_rand_engine(ENGINE *engine); |
| 143.Ve 144.PP 145.Vb 2 | 140\& |
| 146\& int RAND_bytes(unsigned char *buf, int num); 147\& int RAND_pseudo_bytes(unsigned char *buf, int num); | 141\& int RAND_bytes(unsigned char *buf, int num); 142\& int RAND_pseudo_bytes(unsigned char *buf, int num); |
| 148.Ve 149.PP 150.Vb 3 | 143\& |
| 151\& void RAND_seed(const void *buf, int num); 152\& void RAND_add(const void *buf, int num, int entropy); 153\& int RAND_status(void); | 144\& void RAND_seed(const void *buf, int num); 145\& void RAND_add(const void *buf, int num, int entropy); 146\& int RAND_status(void); |
| 154.Ve 155.PP 156.Vb 3 | 147\& |
| 157\& int RAND_load_file(const char *file, long max_bytes); 158\& int RAND_write_file(const char *file); 159\& const char *RAND_file_name(char *file, size_t num); | 148\& int RAND_load_file(const char *file, long max_bytes); 149\& int RAND_write_file(const char *file); 150\& const char *RAND_file_name(char *file, size_t num); |
| 160.Ve 161.PP 162.Vb 1 | 151\& |
| 163\& int RAND_egd(const char *path); | 152\& int RAND_egd(const char *path); |
| 164.Ve 165.PP 166.Vb 3 | 153\& |
| 167\& void RAND_set_rand_method(const RAND_METHOD *meth); 168\& const RAND_METHOD *RAND_get_rand_method(void); 169\& RAND_METHOD *RAND_SSLeay(void); | 154\& void RAND_set_rand_method(const RAND_METHOD *meth); 155\& const RAND_METHOD *RAND_get_rand_method(void); 156\& RAND_METHOD *RAND_SSLeay(void); |
| 170.Ve 171.PP 172.Vb 1 | 157\& |
| 173\& void RAND_cleanup(void); | 158\& void RAND_cleanup(void); |
| 174.Ve 175.PP 176.Vb 3 | 159\& |
| 177\& /* For Win32 only */ 178\& void RAND_screen(void); 179\& int RAND_event(UINT, WPARAM, LPARAM); 180.Ve 181.SH "DESCRIPTION" 182.IX Header "DESCRIPTION" 183Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling 184default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default --- 15 unchanged lines hidden (view full) --- 200.PP 201A cryptographic \s-1PRNG\s0 must be seeded with unpredictable data such as 202mouse movements or keys pressed at random by the user. This is 203described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file 204(see \fIRAND_load_file\fR\|(3)) to avoid having to go through the 205seeding process whenever the application is started. 206.PP 207\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the | 160\& /* For Win32 only */ 161\& void RAND_screen(void); 162\& int RAND_event(UINT, WPARAM, LPARAM); 163.Ve 164.SH "DESCRIPTION" 165.IX Header "DESCRIPTION" 166Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling 167default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default --- 15 unchanged lines hidden (view full) --- 183.PP 184A cryptographic \s-1PRNG\s0 must be seeded with unpredictable data such as 185mouse movements or keys pressed at random by the user. This is 186described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file 187(see \fIRAND_load_file\fR\|(3)) to avoid having to go through the 188seeding process whenever the application is started. 189.PP 190\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the |
| 208\&\s-1PRNG\s0. | 191\&\s-1PRNG\s0. |
| 209.SH "INTERNALS" 210.IX Header "INTERNALS" 211The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic 212hash function. 213.PP 214The following description of its design is based on the SSLeay 215documentation: 216.PP 217First up I will state the things I believe I need for a good \s-1RNG\s0. | 192.SH "INTERNALS" 193.IX Header "INTERNALS" 194The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic 195hash function. 196.PP 197The following description of its design is based on the SSLeay 198documentation: 199.PP 200First up I will state the things I believe I need for a good \s-1RNG\s0. |
| 218.IP "1" 4 219.IX Item "1" | 201.IP "1." 4 |
| 220A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state' 221to random numbers. | 202A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state' 203to random numbers. |
| 222.IP "2" 4 223.IX Item "2" | 204.IP "2." 4 |
| 224An initial source of random 'state'. | 205An initial source of random 'state'. |
| 225.IP "3" 4 226.IX Item "3" | 206.IP "3." 4 |
| 227The state should be very large. If the \s-1RNG\s0 is being used to generate 2284096 bit \s-1RSA\s0 keys, 2 2048 bit random strings are required (at a minimum). 229If your \s-1RNG\s0 state only has 128 bits, you are obviously limiting the 230search space to 128 bits, not 2048. I'm probably getting a little 231carried away on this last point but it does indicate that it may not be 232a bad idea to keep quite a lot of \s-1RNG\s0 state. It should be easier to 233break a cipher than guess the \s-1RNG\s0 seed data. | 207The state should be very large. If the \s-1RNG\s0 is being used to generate 2084096 bit \s-1RSA\s0 keys, 2 2048 bit random strings are required (at a minimum). 209If your \s-1RNG\s0 state only has 128 bits, you are obviously limiting the 210search space to 128 bits, not 2048. I'm probably getting a little 211carried away on this last point but it does indicate that it may not be 212a bad idea to keep quite a lot of \s-1RNG\s0 state. It should be easier to 213break a cipher than guess the \s-1RNG\s0 seed data. |
| 234.IP "4" 4 235.IX Item "4" | 214.IP "4." 4 |
| 236Any \s-1RNG\s0 seed data should influence all subsequent random numbers 237generated. This implies that any random seed data entered will have 238an influence on all subsequent random numbers generated. | 215Any \s-1RNG\s0 seed data should influence all subsequent random numbers 216generated. This implies that any random seed data entered will have 217an influence on all subsequent random numbers generated. |
| 239.IP "5" 4 240.IX Item "5" | 218.IP "5." 4 |
| 241When using data to seed the \s-1RNG\s0 state, the data used should not be 242extractable from the \s-1RNG\s0 state. I believe this should be a 243requirement because one possible source of 'secret' semi random 244data would be a private key or a password. This data must 245not be disclosed by either subsequent random numbers or a 246\&'core' dump left by a program crash. | 219When using data to seed the \s-1RNG\s0 state, the data used should not be 220extractable from the \s-1RNG\s0 state. I believe this should be a 221requirement because one possible source of 'secret' semi random 222data would be a private key or a password. This data must 223not be disclosed by either subsequent random numbers or a 224\&'core' dump left by a program crash. |
| 247.IP "6" 4 248.IX Item "6" | 225.IP "6." 4 |
| 249Given the same initial 'state', 2 systems should deviate in their \s-1RNG\s0 state 250(and hence the random numbers generated) over time if at all possible. | 226Given the same initial 'state', 2 systems should deviate in their \s-1RNG\s0 state 227(and hence the random numbers generated) over time if at all possible. |
| 251.IP "7" 4 252.IX Item "7" | 228.IP "7." 4 |
| 253Given the random number output stream, it should not be possible to determine 254the \s-1RNG\s0 state or the next random number. 255.PP 256The algorithm is as follows. 257.PP 258There is global state made up of a 1023 byte buffer (the 'state'), a 259working hash value ('md'), and a counter ('count'). 260.PP --- 36 unchanged lines hidden (view full) --- 297So of the points raised, only 2 is not addressed (but see 298\&\fIRAND_add\fR\|(3)). 299.SH "SEE ALSO" 300.IX Header "SEE ALSO" 301\&\fIBN_rand\fR\|(3), \fIRAND_add\fR\|(3), 302\&\fIRAND_load_file\fR\|(3), \fIRAND_egd\fR\|(3), 303\&\fIRAND_bytes\fR\|(3), 304\&\fIRAND_set_rand_method\fR\|(3), | 229Given the random number output stream, it should not be possible to determine 230the \s-1RNG\s0 state or the next random number. 231.PP 232The algorithm is as follows. 233.PP 234There is global state made up of a 1023 byte buffer (the 'state'), a 235working hash value ('md'), and a counter ('count'). 236.PP --- 36 unchanged lines hidden (view full) --- 273So of the points raised, only 2 is not addressed (but see 274\&\fIRAND_add\fR\|(3)). 275.SH "SEE ALSO" 276.IX Header "SEE ALSO" 277\&\fIBN_rand\fR\|(3), \fIRAND_add\fR\|(3), 278\&\fIRAND_load_file\fR\|(3), \fIRAND_egd\fR\|(3), 279\&\fIRAND_bytes\fR\|(3), 280\&\fIRAND_set_rand_method\fR\|(3), |
| 305\&\fIRAND_cleanup\fR\|(3) | 281\&\fIRAND_cleanup\fR\|(3) |