Next: arc4random(3)
Up: Pseudo Random Number Generators
Previous: Pseudo Random Number Generators
Computers are (generally) deterministic devices making it very hard to
produce real random numbers. The PRNGs we use in OpenBSD do not
generate random numbers themselves. Rather, they expand the randomness
they are given as input. Fortunately, a multi-user operating system
has many external events from which it can derive some randomness. In
OpenBSD the kernel collects measurements from various devices such as
the inter-keypress timing from terminals, the arrival time of network
packets, and the finishing time of disk requests. The randomness from
these sources is mixed into the kernel's entropy pool. When a
userland program requests random data from the kernel, an MD5 hash is
calculated over the whole entropy pool, ``folded'' in half by XOR-ing
the upper and lower word of the MD5 output, and returned. The user can
choose the quality of the generated random numbers by reading output
from the different /dev/?random devices.
& D. Keromytis
4/26/1999