Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is /dev/arandom?

Tags:

linux

php

random

session

This manual page says:

Note: As of PHP 5.4.0 session.entropy_file defaults to /dev/urandom or /dev/arandom if it is available. In PHP 5.3.0 this directive is left empty by default.

So, what's /dev/arandom and how does it differ from /dev/[u]random?

like image 244
Alix Axel Avatar asked Oct 14 '12 21:10

Alix Axel

People also ask

What is urandom used for?

The /dev/random and /dev/urandom files are special files that are a source for random bytes generated by the kernel random number generator device. The /dev/random and /dev/urandom files are suitable for applications requiring high quality random numbers for cryptographic purposes.

What does Dev urandom do in Linux?

The character special files /dev/random and /dev/urandom (present since Linux 1.3. 30) provide an interface to the kernel's random number generator. The file /dev/random has major device number 1 and minor device number 8. The file /dev/urandom has major device number 1 and minor device number 9.

What is Dev random vs Dev urandom?

'Urandom' is used where there is constant need of random numbers and its randomness is not much important while 'random' is used where there is a security concern and its randomness should be reliable as it blocks outputting random numbers if entropy is not up to the mark.

Is Dev urandom random?

The /dev/urandom device provides a reliable source of random output, however the output will not be generated from an equal amount of random input if insufficient input is available. Reads from the /dev/urandom device always return the quantity of output requested without blocking.

2 Answers

From here. It appears as though arandom will guarantee that sufficient entropy is present before returning the amount of data requested. It also appears to be limited to OpenBSD implementations. urandom will return the amount of data requested no matter whether there is enough entropy -- which obviously could introduce a vulnerability if there is not enough.

like image 108
Chris Thompson Avatar answered Sep 25 '22 20:09

Chris Thompson

This page does a reasonable job explaining what the device is:

As required, entropy pool data re-seeds an ARC4 generator, which then generates high-quality pseudo-random output data.

More information about the underlying technique is available from Wikipedia.

like image 31
ta.speot.is Avatar answered Sep 27 '22 20:09

ta.speot.is
Sign in to Comment

Related questions

Why does switch(true) have a smaller NPath complexity than if() elseif()?
PHP / MYSQL connection failures under heavy load through mysql.sock
Get record by ID and all foreigns recursive in Laravel 5
How to insert into multiple tables on user registration and edit the registration from
Is memcache suitable for passing user details from Apache to Node.js
Laravel Auth::attempt() returns false
PHP - Converting all Errors to Exceptions - Good or Bad?
PHP login class
Can I control hardware via PHP Language?
PHP session and memcacheD
How can I decrypt an encrypted MCRYPT_RIJNDAEL_256 value in C#, that was encrypted by mcrypt in PHP?
What can I use to implement Telegram messages in my website?
Codeception run before all tests inside a CEST
Paypal get access token with PHP cURL
How do I add a CAPTCHA to my PHP form?
How do I enable PDO using CentOS?
Formatting events according to start time
How to --> Offer a coupon for a Tweet
why are arabic numbers (١٢٣) not accepted in textboxes as real numbers?
Proper way to use "Remember me" functionality in PHP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!