1 .\" Copyright (c) 1997 John S. Kallal (kallal@voicenet.com)
3 .\" This is free documentation; you can redistribute it and/or
4 .\" modify it under the terms of the GNU General Public License as
5 .\" published by the Free Software Foundation; either version 2 of
6 .\" the License, or (at your option) any later version.
8 .\" Some changes by tytso and aeb.
10 .\" 2004-12-16, John V. Belmonte/mtk, Updated init and quit scripts
11 .\" 2004-04-08, AEB, Improved description of read from /dev/urandom
12 .\" 2008-06-20, George Spelvin <linux@horizon.com>,
13 .\" Matt Mackall <mpm@selenic.com>
14 .\" Add a Usage subsection that recommends most users to use
15 .\" /dev/urandom, and emphasizes parsimonious usage of /dev/random.
17 .\" Japanese Version Copyright (c) 1998
18 .\" ISHIKAWA Mutsumi, all rights reserved.
19 .\" Translated into Japanese Mon Jan 12 03:20:27 JST 1998
20 .\" by ISHIKAWA Mutsumi <ishikawa@linux.or.jp>
21 .\" Japanese Version Last Modified Thu Feb 5 21:08:33 JST 1998
22 .\" by ISHIKAWA Mutsumi <ishikawa@linux.or.jp>
23 .\" Updated & Modified Sun Jun 6 14:48:03 JST 2004
24 .\" by Yuichi SATO <ysato444@yahoo.co.jp>
25 .\" Updated & Modified Tue Jan 18 04:21:16 JST 2005 by Yuichi SATO
26 .\" Updated & Modified Fri Apr 22 03:44:01 JST 2005 by Yuichi SATO
27 .\" Updated 2008-08-13, Akihiro MOTOKI <amotoki@dd.iij4u.or.jp>, LDP v3.05
29 .\"WORD: random generator Íð¿ô¥¸¥§¥Í¥ì¡¼¥¿
31 .TH RANDOM 4 2010-08-29 "Linux" "Linux Programmer's Manual"
34 .\"O random, urandom \- kernel random number source devices
35 random, urandom \- ¥«¡¼¥Í¥ëÍð¿ô¥½¡¼¥¹¥Ç¥Ð¥¤¥¹
38 .\"O The character special files \fI/dev/random\fP and
39 .\"O \fI/dev/urandom\fP (present since Linux 1.3.30)
40 .\"O provide an interface to the kernel's random number generator.
41 (Linux 1.3.30 ¤«¤éÄ󶡤µ¤ì¤Æ¤¤¤ë) \fI/dev/random\fP ¡¢
42 \fI/dev/urandom\fP ¥¥ã¥é¥¯¥¿¥¹¥Ú¥·¥ã¥ë¥Õ¥¡¥¤¥ë¤Ï
43 ¥«¡¼¥Í¥ëÍð¿ô¥¸¥§¥Í¥ì¡¼¥¿¤Ø¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ󶡤¹¤ë¡£
44 .\"O File \fI/dev/random\fP has major device number 1
45 .\"O and minor device number 8.
46 .\"O File \fI/dev/urandom\fP has major device number 1 and minor device number 9.
47 \fI/dev/random\fP ¥Õ¥¡¥¤¥ë¤Ï¥á¥¸¥ã¡¼¥Ç¥Ð¥¤¥¹ÈÖ¹æ 1
48 ¥Þ¥¤¥Ê¡¼¥Ç¥Ð¥¤¥¹ÈÖ¹æ 8 ¤Ç¤¢¤ë¡£
49 \fI/dev/urandom\fP ¤Ï¥á¥¸¥ã¡¼¥Ç¥Ð¥¤¥¹ÈÖ¹æ 1
50 ¥Þ¥¤¥Ê¡¼¥Ç¥Ð¥¤¥¹ÈÖ¹æ 9 ¤Ç¤¢¤ë¡£
52 .\"O The random number generator gathers environmental noise
53 .\"O from device drivers and other sources into an entropy pool.
54 Íð¿ô¥¸¥§¥Í¥ì¡¼¥¿¤Ï¥Ç¥Ð¥¤¥¹¥É¥é¥¤¥Ð¤ä¤½¤Î¾¤Î¸»¤«¤é¤Î´Ä¶¥Î¥¤¥º¤ò
55 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Ø½¸¤á¤ë¡£
56 .\"O The generator also keeps an estimate of the
57 .\"O number of bits of noise in the entropy pool.
58 ¤Þ¤¿¡¢¥¸¥§¥Í¥ì¡¼¥¿¤Ï¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ëÆâ¤Î¥Î¥¤¥º¤Î¥Ó¥Ã¥È¿ô¤Î¿äÄêÃͤò
60 .\"O From this entropy pool random numbers are created.
61 ¤³¤Î¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤«¤éÍð¿ô¤¬À¸À®¤µ¤ì¤ë¡£
63 .\"O When read, the \fI/dev/random\fP device will only return random bytes
64 .\"O within the estimated number of bits of noise in the entropy
66 .\"O \fI/dev/random\fP should be suitable for uses that need very
67 .\"O high quality randomness such as one-time pad or key generation.
68 Æɤ߹þ¤ß¤¬¹Ô¤ï¤ì¤ë¤È¡¢
70 ¥Ç¥Ð¥¤¥¹¤Ï¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¥Î¥¤¥º¥Ó¥Ã¥È¤Î¿ô¤Î¿äÄêÃͤΤ¦¤Á¡¢
71 ¥é¥ó¥À¥à¥Ð¥¤¥È¤Î¤ß¤òÊÖ¤¹¡£
72 \fI/dev/random\fP ¤Ï¥ï¥ó¥¿¥¤¥à¥Ñ¥Ã¥É (one-time pad) ¤ä¸°¤ÎÀ¸À®¤Î¤è¤¦¤Ê
73 Èó¾ï¤Ë¹â¤¤ÉʼÁ¤ò»ý¤Ã¤¿Ìµºî°ÙÀ¤¬É¬ÍפˤʤëÍÑÅӤ˸þ¤¤¤Æ¤¤¤ë¤À¤í¤¦¡£
74 .\"O When the entropy pool is empty, reads from \fI/dev/random\fP will block
75 .\"O until additional environmental noise is gathered.
76 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤¬¶õ¤Î»þ¤Ï¡¢\fI/dev/random\fP ¤«¤é¤ÎÆɤ߽Ф·¤Ï¡¢
77 ¹¹¤Ê¤ë´Ä¶¥Î¥¤¥º¤¬ÆÀ¤é¤ì¤ë¤Þ¤Ç¡¢¥Ö¥í¥Ã¥¯¤µ¤ì¤ë¡£
79 .\"O A read from the \fI/dev/urandom\fP device will not block
80 .\"O waiting for more entropy.
81 .\"O As a result, if there is not sufficient entropy in the
82 .\"O entropy pool, the returned values are theoretically vulnerable to a
83 .\"O cryptographic attack on the algorithms used by the driver.
84 .\"O Knowledge of how to do this is not available in the current unclassified
85 .\"O literature, but it is theoretically possible that such an attack may
87 .\"O If this is a concern in your application, use \fI/dev/random\fP
89 \fI/dev/urandom\fP ¥Ç¥Ð¥¤¥¹¤«¤éÆɤ߽Ф·¤Ç¤Ï¡¢
90 ¥¨¥ó¥È¥í¥Ô¡¼¤¬¤è¤ê¹â¤¯¤Ê¤ë¤Î¤òÂԤĤ¿¤á¤Î¥Ö¥í¥Ã¥¯¤Ï¹Ô¤ï¤ì¤Ê¤¤¡£
91 ¤½¤Î·ë²Ì¡¢¤â¤·¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Ë½½Ê¬¤Ê¥¨¥ó¥È¥í¥Ô¡¼¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¡¢
92 ÊÖ¤êÃͤϤ³¤Î¥É¥é¥¤¥Ð¤Ç»È¤ï¤ì¤Æ¤¤¤ë¥¢¥ë¥´¥ê¥º¥à¤Ë´ð¤Å¤¯°Å¹æ¹¶·â¤ËÂФ·¤Æ¡¢
93 ÏÀÍýŪ¤Ë¤Ï¼å¤¯¤Ê¤ë¤³¤È¤Ë¤Ê¤ë¡£
94 ¤³¤Î¹¶·â¤ò¤É¤Î¤è¤¦¤Ë¹Ô¤¦¤«¤È¤¤¤¦»ö¤Ë¤Ä¤¤¤Æ¤Ï¡¢¸½ºß¸¦µæÏÀʸ¤Ê¤É¤Î
95 ·Á¤ÇÆþ¼ê¤Ç¤¤ë»ñÎÁ¤Ï¤Ê¤¤¡¢¤·¤«¤·¡¢¤½¤Î¤è¤¦¤Ê¹¶·â¤ÏÏÀÍýŪ¤Ë¸ºß²Äǽ¤Ç¤¢¤ë¡£
96 ¤â¤·¡¢¤³¤Î»ö¤¬¿´Çۤʤ顢(\fI/dev/urandom\fP ¤Ç¤Ï¤Ê¤¯)
97 \fI/dev/random\fP ¤òÍøÍѤ¹¤ì¤Ð¤¤¤¤¡£
100 .\"O If you are unsure about whether you should use
103 .\"O .IR /dev/urandom ,
104 .\"O then probably you want to use the latter.
105 .\"O As a general rule,
106 .\"O .IR /dev/urandom
107 .\"O should be used for everything except long-lived GPG/SSL/SSH keys.
111 ¤Î¤É¤Á¤é¤ò»È¤¦¤Ù¤¤«Ì¤ä¿¾ì¹ç¡¢¤¿¤¤¤Æ¤¤¤Ï
113 ¤ÎÊý¤ò»È¤¤¤¿¤¤¤È»×¤Ã¤Æ¤¤¤ë¤Ï¤º¤À¤í¤¦¡£
114 °ìÈ̤ˡ¢Ä¹´ü¤ËÅϤäƻȤï¤ì¤ë GPG/SSL/SSH ¤Î¥¡¼°Ê³°¤ÎÁ´¤Æ¤Î¤â¤Î¤Ë
118 .\"O If a seed file is saved across reboots as recommended below (all major
119 .\"O Linux distributions have done this since 2000 at least), the output is
120 .\"O cryptographically secure against attackers without local root access as
121 .\"O soon as it is reloaded in the boot sequence, and perfectly adequate for
122 .\"O network encryption session keys.
123 .\"O Since reads from
125 .\"O may block, users will usually want to open it in nonblocking mode
126 .\"O (or perform a read with timeout),
127 .\"O and provide some sort of user notification if the desired
128 .\"O entropy is not immediately available.
129 ²¼µ¤Ç¿ä¾©¤·¤Æ¤¤¤ë¤è¤¦¤ËºÆµ¯Æ°¤ÎÁ°¸å¤ÇÍð¿ô¼ï¥Õ¥¡¥¤¥ë¤¬Êݸ¤µ¤ì¤ë¾ì¹ç
130 (Á´¤Æ¤Î¼ç¤Ê Linux ¤Î¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ï¾¯¤Ê¤¯¤È¤â 2000 ǯ°Ê¹ß¤Ï
131 Íð¿ô¼ï¤òÊݸ¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë)¡¢µ¯Æ°¥·¡¼¥±¥ó¥¹¤Ë¤ª¤¤¤ÆÍð¿ô¼ï¤¬
132 ºÆ¥í¡¼¥É¤µ¤ì¤¿Ä¾¸å¤«¤é¡¢¤½¤Î½ÐÎÏ¤Ï¥í¡¼¥«¥ë¤Î¥ë¡¼¥È¥¢¥¯¥»¥¹¤¬¤Ç¤¤Ê¤¤
133 ¹¶·â¼Ô¤ËÂФ·¤Æ°Å¹æŪ¤Ë°ÂÁ´¤Ê¤â¤Î¤È¤Ê¤ê¡¢¥Í¥Ã¥È¥ï¡¼¥¯°Å¹æ²½¤Î¥»¥Ã¥·¥ç¥ó¥¡¼
134 ¤È¤·¤Æ»È¤¦¤Ë¤Ï´°Á´¤ËºÇŬ¤Ê¤â¤Î¤È¤Ê¤ë¡£
136 ¤«¤é¤ÎÆɤ߽Ф·¤ÏÄä»ß (block) ¤¹¤ë²ÄǽÀ¤¬¤¢¤ë¤Î¤Ç¡¢¥æ¡¼¥¶¤ÏÉáÄÌ
137 ¤³¤Î¥Õ¥¡¥¤¥ë¤òÈóÄä»ß (nonblocking) ¥â¡¼¥É¤Ç³«¤³¤¦¤È¤·
138 (¤â¤·¤¯¤Ï¥¿¥¤¥à¥¢¥¦¥È¤ò»ØÄꤷ¤ÆÆɤ߽Ф·¤ò¼Â¹Ô¤·)¡¢´õ˾¤¹¤ë¥ì¥Ù¥ë¤Î
139 ¥¨¥ó¥È¥í¥Ô¡¼¤Ï¤¹¤°¤Ë¤ÏÍøÍѤǤ¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢²¿¤é¤«¤ÎÄÌÃΤò¹Ô¤¦¤³¤È¤À¤í¤¦¡£
141 .\"O The kernel random-number generator is designed to produce a small
142 .\"O amount of high-quality seed material to seed a
143 .\"O cryptographic pseudo-random number generator (CPRNG).
144 .\"O It is designed for security, not speed, and is poorly
145 .\"O suited to generating large amounts of random data.
146 .\"O Users should be very economical in the amount of seed
147 .\"O material that they read from
148 .\"O .IR /dev/urandom
150 .\"O .IR /dev/random );
151 .\"O unnecessarily reading large quantities of data from this device will have
152 .\"O a negative impact on other users of the device.
153 ¥«¡¼¥Í¥ë¤ÎÍð¿ô¥¸¥§¥Í¥ì¡¼¥¿¤Ï¡¢°Å¹æµ¿»÷Íð¿ô¥¸¥§¥Í¥ì¡¼¥¿ (Cryptographic
154 pseudo-random number generator; CPRNG) ¤Î¼ï¤È¤·¤Æ»ÈÍѤǤ¤ë
155 ¹âÉʼÁ¤ÊÍð¿ô¼ï¤ÎºàÎÁ¤ò¾¯¤·À¸À®¤¹¤ë¤¿¤á¤ËÀ߷פµ¤ì¤Æ¤¤¤ë¡£
156 ¤³¤ì¤Ï®Å٤ǤϤʤ¯°ÂÁ´À¤ò½Å»ë¤·¤ÆÀ߷פµ¤ì¤Æ¤ª¤ê¡¢
157 ¥é¥ó¥À¥à¤Ê¥Ç¡¼¥¿¤òÂçÎ̤ËÀ¸À®¤¹¤ë¤Î¤Ë¤ÏÁ´¤¯¤â¤Ã¤ÆŬ¤·¤Æ¤¤¤Ê¤¤¡£
162 ¤«¤éÆɤ߽Ф¹Íð¿ô¼ï¤ÎºàÎÁ¤ÎÎ̤ò¤Ç¤¤ë¤À¤±ÀáÌ󤹤٤¤Ç¤¢¤ë¡£
163 ¤³¤Î¥Ç¥Ð¥¤¥¹¤«¤éÉÔɬÍפËÂçÎ̤Υǡ¼¥¿¤òÆɤ߽Ф¹¤È¡¢¤³¤Î¥Ç¥Ð¥¤¥¹¤ò»È¤¦
164 ¾¤Î¥æ¡¼¥¶¤Ë¥Þ¥¤¥Ê¥¹¤Î±Æ¶Á¤òÍ¿¤¨¤Æ¤·¤Þ¤¦¤À¤í¤¦¡£
166 .\"O The amount of seed material required to generate a cryptographic key
167 .\"O equals the effective key size of the key.
168 .\"O For example, a 3072-bit RSA
169 .\"O or Diffie-Hellman private key has an effective key size of 128 bits
170 .\"O (it requires about 2^128 operations to break) so a key generator only
171 .\"O needs 128 bits (16 bytes) of seed material from
172 .\"O .IR /dev/random .
173 °Å¹æ¸°¤òÀ¸À®¤¹¤ë¤Î¤ËɬÍפÊÍð¿ô¼ï¤ÎºàÎÁ¤ÎÎ̤ϡ¢¸°¤Î¼Â¸ú¥µ¥¤¥º¤ÈƱ¤¸¤Ç¤¢¤ë¡£
174 Î㤨¤Ð¡¢3072 ¥Ó¥Ã¥È¤Î RSA ¤ª¤è¤Ó Diffie-Hellman ¤ÎÈëÌ©¸°¤Î¼Â¸ú¥µ¥¤¥º¤Ï
175 128 ¥Ó¥Ã¥È (¤³¤ÎÈëÌ©¸°¤òÇˤë¤Ë¤Ï 2^128 ²ó¤ÎÁàºî¤¬É¬ÍפȤ¤¤¦¤³¤È) ¤Ç¤¢¤ê¡¢
178 ¤«¤éÆɤ߽Ф¹É¬Íפ¬¤¢¤ëÍð¿ô¼ï¤ÎºàÎÁ¤ÎÎÌ¤Ï 128 ¥Ó¥Ã¥È (16 ¥Ð¥¤¥È) ¤À¤±¤Ç¤¢¤ë¡£
180 .\"O While some safety margin above that minimum is reasonable, as a guard
181 .\"O against flaws in the CPRNG algorithm, no cryptographic primitive
182 .\"O available today can hope to promise more than 256 bits of security,
183 .\"O so if any program reads more than 256 bits (32 bytes) from the kernel
184 .\"O random pool per invocation, or per reasonable reseed interval (not less
185 .\"O than one minute), that should be taken as a sign that its cryptography is
187 .\"O skilfully implemented.
188 CPRNG ¥¢¥ë¥´¥ê¥º¥à¤Î·ç´Ù¤ËÂФ¹¤ëÊݸî¤È¤·¤Æ¡¢¤³¤ÎºÇ¾®ÃͤËÂФ·¤Æ¤¤¤¯¤é¤«¤Î
189 °ÂÁ´¾å¤Î¥Þ¡¼¥¸¥ó¤ò¼è¤ë¤Î¤Ï¤â¤Ã¤È¤â¤À¤¬¡¢¸½ºßÍøÍѲÄǽ¤Ê°Å¹æ¥×¥ê¥ß¥Æ¥£¥Ö¤Ç
190 256 ¥Ó¥Ã¥È¤è¤ê¿¤¯¤Î°ÂÁ´¤ÊÍð¿ô¤òɬÍפȤ¹¤ë¤è¤¦¤Ê¤â¤Î¤Ï¤Ê¤¤¡£
191 µ¯Æ°¤¹¤ëÅ٤ˡ¢¤â¤·¤¯¤ÏÍð¿ô¼ï¤òÊѹ¹¤¹¤ëÂÅÅö¤Ê´Ö³Ö (1 ʬ¤è¤êû¤¯¤Ê¤ë¤³¤È¤Ï¤Ê¤¤)
192 ¤ÎÅ٤ˡ¢¥«¡¼¥Í¥ë¤ÎÍð¿ô¥×¡¼¥ë¤«¤é 256 ¥Ó¥Ã¥È (32 ¥Ð¥¤¥È) ¤è¤ê¤¿¤¯¤µ¤óÆɤ߽Ф¹
193 ¤è¤¦¤Ê¾ì¹ç¤Ë¤Ï¡¢¤½¤Î¥×¥í¥°¥é¥à¤Î°Å¹æ½èÍý¤¬¤¦¤Þ¤¯¼ÂÁõ¤µ¤ì¤Æ¡Ö¤¤¤Ê¤¤¡×²ÄǽÀ¤¬
194 ¤¢¤ë¤È¹Í¤¨¤ë¤Ù¤¤Ç¤¢¤í¤¦¡£
195 .\"O .SS Configuration
197 .\"O If your system does not have
198 .\"O \fI/dev/random\fP and \fI/dev/urandom\fP created already, they
199 .\"O can be created with the following commands:
200 ¥·¥¹¥Æ¥à¤Ë¤¢¤é¤«¤¸¤áºîÀ®¤µ¤ì¤¿ \fI/dev/random\fP ¤È
201 \fI/dev/urandom\fP ¤¬Â¸ºß¤·¤Ê¤¤¤Ê¤é¡¢¼¡¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤ÇºîÀ®¤Ç¤¤ë¡£
204 mknod \-m 644 /dev/random c 1 8
205 mknod \-m 644 /dev/urandom c 1 9
206 chown root:root /dev/random /dev/urandom
209 .\"O When a Linux system starts up without much operator interaction,
210 .\"O the entropy pool may be in a fairly predictable state.
211 ¥ª¥Ú¥ì¡¼¥¿¤ÎÁàºî¤Ê¤·¤Ë Linux ¥·¥¹¥Æ¥à¤¬µ¯Æ°¤·¤¿Ä¾¸å¤Ï¡¢
212 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Ï°Õ³°À¤Î˳¤·¤¤¶Ñ°ì¤Ê¾õÂ֤ˤ¢¤ë¤À¤í¤¦¡£
213 .\"O This reduces the actual amount of noise in the entropy pool
214 .\"O below the estimate.
215 .\"O In order to counteract this effect, it helps to carry
216 .\"O entropy pool information across shut-downs and start-ups.
217 ¤³¤ì¤Ë¤è¤ê¡¢¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¼ÂºÝ¤Î¥Î¥¤¥ºÎ̤Ïɾ²ÁÃͤè¤ê¾¯¤Ê¤¯¤Ê¤ë¡£
218 ¤³¤Î¸ú²Ì¤òÂǤÁ¾Ã¤¹¤¿¤á¤Ë¡¢¥·¥ã¥Ã¥È¥À¥¦¥ó¤«¤é (¼¡¤Î) µ¯Æ°»þ¤Þ¤Ç»ý¤Á±Û¤·¤¿
219 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¾ðÊ󤬽õ¤±¤Ë¤Ê¤ë¡£
220 .\"O To do this, add the following lines to an appropriate script
221 .\"O which is run during the Linux system start-up sequence:
222 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤ò»ý¤Á±Û¤¹¤¿¤á¤Ë¤Ï¡¢
223 Linux ¥·¥¹¥Æ¥à¤Îµ¯Æ°»þ¤Ë¼Â¹Ô¤µ¤ì¤ëŬÀڤʥ¹¥¯¥ê¥×¥È¤Ë¡¢
224 °Ê²¼¤Î¹Ô¤òÄɲ乤ì¤Ð¤è¤¤:
227 echo "Initializing random number generator..."
228 random_seed=/var/run/random-seed
229 .\"O # Carry a random seed from start-up to start-up
230 .\"O # Load and then save the whole entropy pool
231 # Íð¿ô¼ï¤òº£²ó¤Î¥¹¥¿¡¼¥È¥¢¥Ã¥×¤«¤é¼¡²ó¤Î¥¹¥¿¡¼¥È¥¢¥Ã¥×¤Þ¤Ç»ý¤Á±Û¤¹¡£
232 # ¥í¡¼¥É¤ò¹Ô¤¤¡¢¤½¤Î¸å¡¢Á´¤Æ¤Î¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤òÊݸ¤¹¤ë¡£
233 if [ \-f $random_seed ]; then
234 cat $random_seed >/dev/urandom
238 chmod 600 $random_seed
239 poolfile=/proc/sys/kernel/random/poolsize
240 [ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512
241 dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
244 .\"O Also, add the following lines in an appropriate script which is
245 .\"O run during the Linux system shutdown:
246 ¤Þ¤¿¡¢Linux ¥·¥¹¥Æ¥à¤Î¥·¥ã¥Ã¥È¥À¥¦¥ó»þ¤Ë¼Â¹Ô¤µ¤ì¤ëŬÀڤʥ¹¥¯¥ê¥×¥È¤Ë¡¢
247 °Ê²¼¤Î¹Ô¤òÄɲ乤ì¤Ð¤è¤¤:
250 .\"O # Carry a random seed from shut-down to start-up
251 .\"O # Save the whole entropy pool
252 # Íð¿ô¼ï¤òº£²ó¤Î¥·¥ã¥Ã¥È¥À¥¦¥ó¤«¤é¼¡²ó¤Î¥¹¥¿¡¼¥È¥¢¥Ã¥×¤Þ¤Ç»ý¤Á±Û¤¹¡£
253 # Á´¤Æ¤Î¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤òÊݸ¤¹¤ë¡£
254 echo "Saving random seed..."
255 random_seed=/var/run/random-seed
257 chmod 600 $random_seed
258 poolfile=/proc/sys/kernel/random/poolsize
259 [ \-r $poolfile ] && bytes=\`cat $poolfile\` || bytes=512
260 dd if=/dev/urandom of=$random_seed count=1 bs=$bytes
262 .\"O .SS "/proc Interface"
263 .SS "/proc ¥¤¥ó¥¿¥Õ¥§¡¼¥¹"
264 .\"O The files in the directory
265 .\"O .I /proc/sys/kernel/random
266 .\"O (present since 2.3.16) provide an additional interface to the
270 .I /proc/sys/kernel/random
271 ¤Ë¤¢¤ë¥Õ¥¡¥¤¥ë (2.3.16 ¤«¤é¸ºß¤¹¤ë) ¤Ï¡¢
273 ¥Ç¥Ð¥¤¥¹¤Ø¤Î¤½¤Î¾¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ󶡤¹¤ë¡£
275 .\"O The read-only file
276 .\"O .I entropy_avail
277 .\"O gives the available entropy.
278 .\"O Normally, this will be 4096 (bits),
279 .\"O a full entropy pool.
280 Æɤ߹þ¤ßÀìÍѤΥե¡¥¤¥ë
282 ¤Ï»ÈÍѲÄǽ¤Ê¥¨¥ó¥È¥í¥Ô¡¼¤òɽ¤¹¡£
283 Ä̾¤³¤ì¤Ï 4096 (¥Ó¥Ã¥È) ¤Ë¤Ê¤ê¡¢¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤¬ËþÇդξõÂ֤Ǥ¢¤ë¡£
287 .\"O gives the size of the entropy pool.
290 ¤Ï¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¥µ¥¤¥º¤òɽ¤¹¡£
291 .\"O The semantics of this file vary across kernel versions:
292 ¤³¤Î¥Õ¥¡¥¤¥ë¤Î°ÕÌ£¤Ï¥«¡¼¥Í¥ë¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤ê°Û¤Ê¤ë¡£
296 .\"O This file gives the size of the entropy pool in
298 .\"O Normally, this file will have the value 512, but it is writable,
299 .\"O and can be changed to any value for which an algorithm is available.
300 .\"O The choices are 32, 64, 128, 256, 512, 1024, or 2048.
301 ¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¥µ¥¤¥º¤ò¡Ö¥Ð¥¤¥È¡×ñ°Ì¤Çµ¬Äꤹ¤ë¡£
302 Ä̾¤³¤Î¥Õ¥¡¥¤¥ë¤ÎÃÍ¤Ï 512 ¤Ë¤Ê¤ë¤¬¡¢½ñ¤¹þ¤ß²Äǽ¤Ç¤¢¤ê¡¢
303 ¥¢¥ë¥´¥ê¥º¥à¤ÇÍøÍѲÄǽ¤ÊǤ°Õ¤ÎÃͤËÊѹ¹¤Ç¤¤ë¡£
304 ÁªÂò²Äǽ¤ÊÃÍ¤Ï 32, 64, 128, 256, 512, 1024, 2048 ¤Ç¤¢¤ë¡£
307 .\"O This file is read-only, and gives the size of the entropy pool in
309 .\"O It contains the value 4096.
310 ¤³¤Î¥Õ¥¡¥¤¥ë¤ÏÆɤ߽Ф·ÀìÍѤǤ¢¤ê¡¢
311 ¥¨¥ó¥È¥í¥Ô¡¼¡¦¥×¡¼¥ë¤Î¥µ¥¤¥º¤ò¡Ö¥Ó¥Ã¥È¡×ñ°Ì¤Çµ¬Äꤹ¤ë¡£
316 .\"O .I read_wakeup_threshold
317 .\"O contains the number of bits of entropy required for waking up processes
318 .\"O that sleep waiting for entropy from
319 .\"O .IR /dev/random .
321 .I read_wakeup_threshold
324 ¤«¤é¤Î¥¨¥ó¥È¥í¥Ô¡¼¤òÂԤäƵٻߤ·¤Æ¤¤¤ë¥×¥í¥»¥¹¤òµ¯¤³¤¹¤Î¤ËɬÍפÊ
325 ¥¨¥ó¥È¥í¥Ô¡¼¤Î¥Ó¥Ã¥È¿ô¤òÊÝ»ý¤·¤Æ¤¤¤ë¡£
326 .\"O The default is 64.
327 ¥Ç¥Õ¥©¥ë¥È¤Ï 64 ¤Ç¤¢¤ë¡£
329 .\"O .I write_wakeup_threshold
330 .\"O contains the number of bits of entropy below which we wake up
331 .\"O processes that do a
335 .\"O for write access to
336 .\"O .IR /dev/random .
338 .I write_wakeup_threshold
339 ¤Ï¥¨¥ó¥È¥í¥Ô¡¼¤Î¥Ó¥Ã¥È¿ô¤òÊÝ»ý¤·¤Æ¤ª¤ê¡¢¤³¤ÎÃͰʲ¼¤Ë¤Ê¤Ã¤¿¤é
341 ¤Ø¤Î½ñ¤¹þ¤ß¥¢¥¯¥»¥¹¤Î¤¿¤á¤Ë
345 ¤ò¼Â¹Ô¤¹¤ë¥×¥í¥»¥¹¤òµ¯¤³¤¹¡£
346 .\"O These values can be changed by writing to the files.
347 ¤³¤ÎÃͤϥե¡¥¤¥ë¤Ë½ñ¤¹þ¤ß¤ò¹Ô¤¦¤³¤È¤Ë¤è¤Ã¤ÆÊѹ¹¤Ç¤¤ë¡£
349 .\"O The read-only files
353 .\"O contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9.
354 Æɤ߹þ¤ßÀìÍѤΥե¡¥¤¥ë
358 ¤Ï 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9 ¤Î¤è¤¦¤Ê
359 ¥é¥ó¥À¥à¤Êʸ»úÎó¤òÊÝ»ý¤·¤Æ¤¤¤ë¡£
360 .\"O The former is generated afresh for each read, the latter was
362 Á°¼Ô¤ÏÆɤ߹þ¤ß¤ÎÅ٤˿·¤¿¤ËÀ¸À®¤µ¤ì¡¢
363 ¸å¼Ô¤Ï 1 ÅÙ¤À¤±À¸À®¤µ¤ì¤ë¡£
371 .\"O .\" The kernel's random number generator was written by
372 .\"O .\" Theodore Ts'o (tytso@athena.mit.edu).
373 .\" ¥«¡¼¥Í¥ë¡¦¥é¥ó¥À¥à¥Ê¥ó¥Ð¡¼¡¦¥¸¥§¥Í¥ì¡¼¥¿¤Ï Theodora Ts'o
374 .\" (tytso@athena.mit.edu) ¤Ë¤è¤Ã¤Æ½ñ¤«¤ì¤¿¡£
379 RFC\ 1750, "Randomness Recommendations for Security"
381 .\" ÀÐÀî ËÓ <ishikawa@linux.or.jp>