NAME
rndctl — in-kernel random number generator management tool
SYNOPSIS
rndctl [-CcEe] [-d devname | -t devtype]
rndctl [-lsv] [-d devname | -t devtype]
DESCRIPTION
The rndctl program displays statistics on the current state of the rnd(4) pseudo-driver, and allows the administrator to control which sources are allowed to contribute to the randomness pool maintained by rnd(4), as well as whether a given source counts as strongly random.
The following options are available:
-C
    Disable collection of timing information for the given device name or device type.
-c
    Enable collection of timing information for the given device name or device type.
-d
    Only the device named devname is altered or displayed. This is mutually exclusive with -t.
-E
    Disable entropy estimation from the collected timing information for the given device name or device type. If collection is still enabled, timing information is still collected and mixed into the internal entropy pool, but no entropy is assumed to be present.
-e
    Enable entropy estimation using the collected timing information for the given device name or device type.
-L
    Load saved entropy from file save-file, which will be overwritten and deleted before the entropy is loaded into the kernel.
-l
    List all sources, or, if the -t or -d flag is specified, only those matching the given devtype or devname.
-S
    Save entropy pool to file save-file. The file format is specific to rndctl and includes an estimate of the amount of saved entropy and a checksum.
-s
    Display statistics on the current state of the random collection pool.
-t
    All devices of type devtype are altered or displayed. This is mutually exclusive with -d.
    The available types are:
    disk
        Physical hard drives.
    net
        Network interfaces.
    tape
        Tape devices.
    tty
        Terminal, mouse, or other user input devices.
    rng
        Random number generators.
-v
    Verbose output: show entropy estimation statistics for each source.
FILES
/dev/random
    Returns “good” values only.
/dev/urandom
    Always returns data, degenerates to a pseudo-random generator.
SEE ALSO
rnd(4), rnd(9)
HISTORY
The rndctl program was first made available in NetBSD 1.3.
AUTHORS
The rndctl program was written by Michael Graff ⟨explorer@flame.org⟩.
BUGS
Turning on entropy estimation from unsafe or predictable sources will weaken system security, while turning on entropy collection from such sources may weaken system security.
Care should be taken when using this command.
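The caveat above, combined with the -E behaviour described under DESCRIPTION, as an added example (not part of the manual or of rndctl itself): a shell wrapper that keeps collection on for chosen device types while turning entropy estimation off. The function names and the RNDCTL variable are assumptions of this example; only the flags and device types come from this page.

```shell
#!/bin/sh
# Added example. Policy: timing data from predictable source types is still
# mixed into the pool (-c), but no entropy is credited for it (-E).
# Usage, after sourcing this file:  collect_without_estimate net tty

# Hypothetical override hook: point RNDCTL at another command for a dry run.
RNDCTL=${RNDCTL:-rndctl}

# Accept only the device types that -t documents on this page.
valid_devtype() {
    case "$1" in
        disk|net|tape|tty|rng) return 0 ;;
        *) return 1 ;;
    esac
}

# collect_without_estimate TYPE...
# Validates every type first, so a typo cannot leave the policy half applied.
collect_without_estimate() {
    if [ "$#" -eq 0 ]; then
        echo "usage: collect_without_estimate devtype..." >&2
        return 2
    fi
    for t in "$@"; do
        if ! valid_devtype "$t"; then
            echo "unknown device type: $t" >&2
            return 1
        fi
    done
    for t in "$@"; do
        "$RNDCTL" -c -t "$t" || return 1   # keep collecting timing data
        "$RNDCTL" -E -t "$t" || return 1   # stop estimating entropy from it
        "$RNDCTL" -l -t "$t" || return 1   # list the sources for review
    done
}
```

Which device types count as unsafe or predictable is a site decision; the wrapper only enforces that the change is applied to documented types and in full.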