[Tfug] /dev/random

Brian Murphy murphy+tfug at email.arizona.edu
Sun Jun 12 09:08:52 MST 2005


(answers are inline)
Quoting Charles R Kiss <charles at kissbrothers.com>:
> I stole the following code:
>
> #include <iostream>
> #include <fstream>
> #include <cstdlib>
>
>
>     using namespace std;
>
>     //const char *rand_device = "/dev/urandom";
>     const char *rand_device = "/dev/random";
>
>     int
>     main() {
>       int getuid();
>
>
>       cout << "uid " << getuid() << endl;
>       std::ifstream random(rand_device);
>       if (!random) {
>         perror(rand_device);
>         return 1;
>       }
>
>       unsigned int seed;
>       random.read((char*)&seed, sizeof(seed));
>       cout << "seed: " << seed << endl;
>       return 0;
>     }
>
>
>
> from here:
>
> http://groups-beta.google.com/group/comp.lang.c++.moderated/browse_thread/thread/3585188f84021b65
>
>
> but when compiling:     charles at house:~/game$ g++ t.C -o t
>
> I get the following error:
>
> t.C: In function `int main()':
> t.C:18: implicit declaration of function `int perror(...)'
>
> Why?  I tried adding the <stdio>  directive; but that didn't help.


You need to include <cstdio> for the C++ wrapped version of stdio.h.
The other correction that I needed to make was to delete your local
getuid function declaration and include unistd.h.  Since it's a C
header, do it like this:

extern "C" {
#include <unistd.h>     /* for getuid() */
}


> How fast and
> for how long can I generate these numbers; which are rather large.


/dev/random: Very fast, not very long -- RNG blocks when empty
/dev/urandom: Very fast, very long -- cryptographic pseudo-RNG seeded
from /dev/random.

/dev/random's typical purpose is to seed your userspace random number
generator.  This is because the pool is small and easy to exhaust.
You've probably read 100 times that /dev/random will block when it's
empty.  Despite a previous response that suggested a default pool of
8K, Linux has a default of 512 bytes.  It used to be the case that you
could easily adjust the pool size with /proc/sys/kernel/random/poolsize
but a recently discovered security problem has changed that.  The
/proc/.../poolsize file has become read-only.  You now have to change
the poolsize macros in the kernel source (drivers/char/random.c).


> Is there a way of limiting the random numbers output to three or four
> numbers without using the modulus function?   Say, reading
> straight off a 2-bit byte random stream, or a 3-bit byte stream, or an
> n-bit byte stream?


Being a character device, you need to read at least 1 character at a
time.  You could stretch your pool a little longer by reading character
sized chunks instead of integers. (ints are likely to be 4 bytes)

If you're determined to get bit sized granularity, read a few
/dev/(u)random words into your own pool and manage the bits yourself.


> Also, is controlling the entropy pool, as in BSD's rndcontrol function,
> possible?


I'm not aware of any such program.  There is heated debate when you
start asking if /dev/random is looking at the right entropy sources.

Brian

The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of
Arizona.
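
Added example, not part of the message above or of the code quoted in it: one way to keep a private pool of /dev/urandom bytes and hand out n bits at a time, with rejection sampling to pick uniformly among three values without the modulus operator. The names BitPool, bits() and below() are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iostream>
#include <sstream>   // std::istringstream: feed fixed bytes when testing
#include <stdexcept>

// Hypothetical helper, not code from the thread: a private bit pool filled
// one byte at a time from any byte stream, e.g. /dev/urandom.
class BitPool {
public:
    explicit BitPool(std::istream& src) : src_(src) {}
    // Next n bits (1..32), most significant bit of each byte first.
    std::uint32_t bits(unsigned n) {
        if (n == 0 || n > 32) throw std::invalid_argument("n must be 1..32");
        while (avail_ < n) {
            char c;
            if (!src_.read(&c, 1)) throw std::runtime_error("short read");
            acc_ = (acc_ << 8) | static_cast<unsigned char>(c);
            avail_ += 8; ++bytes_;
        }
        avail_ -= n;
        return static_cast<std::uint32_t>((acc_ >> avail_) & ((std::uint64_t(1) << n) - 1));
    }
    // Uniform value in [0, k) with no modulus: draw just enough bits to
    // cover k and redraw when the result is out of range.
    std::uint32_t below(std::uint32_t k) {
        if (k == 0) throw std::invalid_argument("k must be > 0");
        unsigned n = 1;
        while (n < 32 && (std::uint64_t(1) << n) < k) ++n;
        for (;;) { std::uint32_t v = bits(n); if (v < k) return v; }
    }
    std::size_t bytes_read() const { return bytes_; }
private:
    std::istream& src_;
    std::uint64_t acc_ = 0;   // bit accumulator; low avail_ bits are unused
    unsigned avail_ = 0;
    std::size_t bytes_ = 0;
};

int main() {
    std::ifstream dev("/dev/urandom", std::ios::binary);
    if (!dev) { std::perror("/dev/urandom"); return 1; }
    BitPool pool(dev);
    for (int i = 0; i < 16; ++i) std::cout << pool.below(3) << ' ';
    std::cout << "\nbytes read: " << pool.bytes_read() << '\n';
    return 0;
}
```

Sixteen picks among three values cost about 16 * 2 * 4/3 bits on average, roughly 6 bytes, where reading one unsigned int per pick would cost 64.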



