ipsec_ranbits(8) [centos man page]
IPSEC_RANBITS(8) [FIXME: manual] IPSEC_RANBITS(8) NAME
ipsec_ranbits - generate random bits in ASCII form SYNOPSIS
ipsec ranbits [--quick] [--continuous] [--bytes] nbits DESCRIPTION
Ranbits obtains nbits (rounded up to the nearest byte) high-quality random bits from random(4), and emits them on standard output as an ASCII string. The default output format is datatot(3) h format: lowercase hexadecimal with a 0x prefix and an underscore every 32 bits. The --quick option produces quick-and-dirty random bits: instead of using the high-quality random bits from /dev/random, which may take some time to supply the necessary bits if nbits is large, ranbits uses /dev/urandom, which yields prompt results but lower-quality randomness. The --continuous option uses datatot(3) x output format, like h but without the underscores. The --bytes option causes nbits to be interpreted as a byte count rather than a bit count. FILES
/dev/random, /dev/urandom SEE ALSO
ipsec_datatot(3), random(4) HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Henry Spencer. BUGS
There is an internal limit on nbits, currently 20000. Without --quick, ranbits's run time is difficult to predict. A request for a large number of bits, at a time when the system's entropy pool is low on randomness, may take quite a while to satisfy. Though not a bug of ranbits, the direct use of /dev/hw_random, the Linux hardware random number generator is not supported because it can produce very non-random data. To properly use /dev/hw_random, the rngd daemon should be used to read from /dev/hw_random and write to /dev/random, while performing a FIPS test on the hardware random read. No changes to Openswan are required for this support - just a running rngd. [FIXME: source] 10/06/2010 IPSEC_RANBITS(8)
Check Out this Related Man Page
RANDOM(4) BSD Kernel Interfaces Manual RANDOM(4) NAME
random , urandom -- random data source devices. SYNOPSIS
pseudo-device random DESCRIPTION
The random device produces uniformly distributed random byte values of potentially high quality. To obtain random bytes, open /dev/random for reading and read from it. To add entropy to the random generation system, open /dev/random for writing and write data that you believe to be somehow random. /dev/urandom is a compatibility nod to Linux. On Linux, /dev/urandom will produce lower quality output if the entropy pool drains, while /dev/random will prefer to block and wait for additional entropy to be collected. With Yarrow, this choice and distinction is not necessary, and the two devices behave identically. You may use either. OPERATION
The random device implements the Yarrow pseudo random number generator algorithm and maintains its entropy pool. Additional entropy is fed to the generator regularly by the SecurityServer daemon from random jitter measurements of the kernel. SecurityServer is also responsible for periodically saving some entropy to disk and reloading it during startup to provide entropy in early system operation. You may feed additional entropy to the generator by writing it to the random device, though this is not required in a normal operating envi- ronment. LIMITATIONS AND WARNINGS
Yarrow is a fairly resilient algorithm, and is believed to be resistant to non-root. The quality of its output is however dependent on regu- lar addition of appropriate entropy. If the SecurityServer system daemon fails for any reason, output quality will suffer over time without any explicit indication from the random device itself. Paranoid programmers can counteract this risk somewhat by collecting entropy of their choice (e.g. from keystroke or mouse timings) and seed- ing it into random directly before obtaining important random numbers. FILES
/dev/random /dev/urandom HISTORY
A random device appeared in the Linux operating system. Darwin September 6, 2001 Darwin