differences between random and urandom

Question

I\'m trying to find out the differences between /dev/random and /dev/urandom files

1. What are the differences between /dev/random

Answer 1

What are the differences between /dev/random and /dev/urandom?

/dev/random and /dev/urandom are interfaces to the kernel's random number generator:

• Reading returns a stream of random bytes strong enough for use in cryptography
• Writing to them will provide the kernel data to update the entropy pool

When it comes to the differences, it depends on the operation system:

• On Linux, reading from /dev/random may block, which limits its use in practice considerably
• On FreeBSD, there is none. /dev/urandom is just a symbolic link to /dev/random.

When should I use them? When should I not use them?

It is very difficult to find a use case where you should use /dev/random over /dev/urandom.

Danger of blocking:

• This is a real problem that you will have to face when you decide to use /dev/random. For single usages like ssh-keygen it should be OK to wait for some seconds, but for most other situations it will be not an option.
• If you use /dev/random, you should open it in nonblocking mode and provide some sort of user notification if the desired entropy is not immediately available.

Security:

• On FreeBSD, there is no difference anyway, but also in Linux /dev/urandom is considered secure for almost all practical cases (e.g, Is a rand from /dev/urandom secure for a login key? and Myths about /dev/urandom).
• The situations where it could make a difference are edge cases like a fresh Linux installation. To cite from the Linux man page:

The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized.

If a seed file is saved across reboots as recommended below (all major Linux distributions have done this since 2000 at least), the output is cryptographically secure against attackers without local root access as soon as it is reloaded in the boot sequence, and perfectly adequate for network encryption session keys. Since reads from /dev/random may block, users will usually want to open it in nonblocking mode (or perform a read with timeout), and provide some sort of user notification if the desired entropy is not immediately available.

Recommendation

As a general rule, /dev/urandomshould be used for everything except long-lived GPG/SSL/SSH keys.