.TH IPSEC_RANBITS 8 "22 Aug 2000"
.\" RCSID $Id: ranbits.8,v 1.7 2001/05/31 21:57:33 henry Exp $
.SH NAME
ipsec ranbits \- generate random bits in ASCII form
.SH SYNOPSIS
.B ipsec
.B ranbits
[
.B \-\-quick
] [
.B \-\-continuous
] [
.B \-\-bytes
] nbits
.SH DESCRIPTION
.I Ranbits
obtains
.I nbits
(rounded up to the nearest byte)
high-quality random bits from
.IR random (4),
and emits them on standard output as an ASCII string.
The default output format is
.IR datatot (3)
.B h
format:
lowercase hexadecimal with a
.B 0x
prefix and an underscore every 32 bits.
.PP
The
.B \-\-quick
option produces quick-and-dirty random bits:
instead of using the high-quality random bits from
.IR /dev/random ,
which may take some time to supply the necessary bits if
.I nbits
is large,
.I ranbits
uses
.IR /dev/urandom ,
which yields prompt results but lower-quality randomness.
.PP
The
.B \-\-continuous
option uses
.IR datatot (3)
.B x
output format, like
.B h
but without the underscores.
.PP
The
.B \-\-bytes
option causes
.I nbits
to be interpreted as a byte count rather than a bit count.
.SH FILES
/dev/random, /dev/urandom
.SH SEE ALSO
ipsec_datatot(3), random(4)
.SH HISTORY
Written for the Linux FreeS/WAN project
<http://www.freeswan.org>
by Henry Spencer.
.SH BUGS
There is an internal limit on
.IR nbits ,
currently 20000.
.PP
Without
.BR \-\-quick ,
.IR ranbits 's
run time is difficult to predict.
A request for a large number of bits,
at a time when the system's entropy pool is low on randomness,
may take quite a while to satisfy.