HP-UX Strong Random Number Generator

The Strong Random Number Generator provides a secure, non-reproducible source of true random numbers for applications with strong security requirements, such as for generating encryption keys. Generating encryption keys from a non-random source constitutes a security risk that can be removed with this product. The /dev/random and /dev/urandom special files are created during product installation. When configured to use these special files, applications such as SSH will have a more secure environment for perfoming cryptographic computations.

The /dev/random and /dev/urandom files created by this product allow the read(2) system call to retrieve strong random binary sequences of up to 256 bytes. This interface is compatible with that provided by the Linux /dev/random and /dev/urandom special files.

features and benefits

• Cryptographic Strength - For a strong random number generator, a source of informational entropy must be tapped to obtain random sequences. It is a postulate adhered to by many experts that true random numbers cannot be generated mathematically, as is done by pseudo-random number generators seeded with clock times. Empirical studies have shown that there is an element of randomness in the completion times of external interrupts (disk, network, clock wakeups, etc.) when the completion times are measured with sub-microsecond granularity. A sub-microsecond region of the timings can be used to generate a bit sequence that appears indistinguishable from a true random sequence over time.

• Security - It is essential that a strong random number generator can not be influenced by, or provide any useful information to, an adversary attempting to guess its returned values. For this reason, the strong random number generator is contained entirely within the kernel domain and has no interfaces that permit modification of the binary sequences it provides. It does not store any data for initializing itself or provide interfaces that permit its internal state to be modified.

• Performance - The strong random number generator has negligible performance impact on other components such as storage or networking subsystems.

• Scalable from small to large - Generator output is not dependent on the presence of local devices, such as mouse or keyboard. For a single, unattended processor with a very light workload, the strong random number generator will typically produce over 60 bytes per second of random data. The production rate scales upward with both number of processors and system workload.

• /dev/random - The standard blocking interface for fetching random data. This is a read-only interface that is transparently compatible with Linux-developed applications such as SSH. The read(2) system call will not return until the requested amount of random data, up to 256 bytes, has been collected internally. This interface returns the highest quality random data. The informational entropy is not diluted between the collection mechanism and data returned to the requestor. If multiple requests for random data are received simultaneously, this can lead to delays of several seconds or more before a request completes. As an additional security measure the data is hashed, using the AES encryption algorithm, before it is delivered to the requestor.

• /dev/urandom - The standard non-blocking interface for fetching random data. When application performance outweighs the benefit of having the highest quality random data, this interface is often preferred by popular cryptographic applications. By hashing internal buffer contents with the AES encryption algorithm immediately before the data is delivered, any correlation with previously returned data is removed. Reinitialization of internal buffering by the random data collection mechanism occurs at least every minute to guarantee that the output remains unpredictable. Data provided to the requestor through this interface displays a random profile. While in theory the informational entropy may be lower than that provided by the /dev/random interface, in practice the output is indistinguishable.

more information

The random(7) manual page and /usr/include/sys/random.h header file, installed with this product, provide more detailed information.

revision history

The version B.11.11.07 eliminates the dependency on the /etc/loadmods file. If this file does not exist or does not have the entry for KRNG11i, the /dev/random and /dev/urandom device files are removed at system reboot time to prevent unexpected side effects caused by accessing these device special files.

The version B.11.11.08 fixes the problem that the KRNG entoropy daemon process inherits the open file descriptors and current working directory from the calling process.

The version B.11.11.09 fixes the problem that the KRNG entoropy daemon process inherits the processor binding, process scheduling policy and priority from the calling process.