/dev/random

In Unix-like operating systems, /dev/random and /dev/urandom are special files that serve as cryptographically secure pseudorandom number generators (CSPRNGs).

They allow access to a CSPRNG that is seeded with entropy (a value that provides randomness) from environmental noise, collected from device drivers and other sources.

[5] Random number generation in kernel space was implemented for the first time for Linux[2] in 1994 by Theodore Ts'o.

[6] The implementation used secure hashes rather than ciphers,[clarification needed] to avoid cryptography export restrictions that were in place when the generator was originally designed.

When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool.

[7] The intent is to serve as a cryptographically secure pseudorandom number generator, delivering output with entropy as large as possible.

[7] However such an attack is unlikely to come into existence, because once the entropy pool is unpredictable it doesn't leak security by a reduced number of bits.

Non-random data is harmless, because only a privileged user can issue the ioctl needed to increase the entropy estimate.

Gutterman, Pinkas, & Reinman in March 2006 published a detailed cryptographic analysis of the Linux random number generator[10] in which they describe several weaknesses.

Perhaps the most severe issue they report is with embedded or Live CD systems, such as routers and diskless clients, for which the bootup state is predictable and the available supply of entropy from the environment may be limited.

This issue, they note, is particularly critical in the case of a wireless router whose network traffic can be captured from a distance, and which may be using the RNG to generate keys for data encryption.

The Linux kernel provides support for several hardware random number generators, should they be installed.

⁠ where H is a hash function and x, y, and z are sources of entropy with z being the output of a CPU-based malicious HRNG Z: Bernstein estimated that an attacker would need to repeat ⁠

The system automatically uses hardware random number generators (such as those provided on some Intel PCI hubs) if they are available, through the OpenBSD Cryptographic Framework.

[36] In Windows NT, similar functionality is delivered by ksecdd.sys, but reading the special file \Device\KsecDD does not work as in UNIX.

Windows PowerShell provides access to a cryptographically secure pseudorandom number generator via the Get-SecureRandom cmdlet.

256 byte hex dump of /dev/urandom
Rngtest testing /dev/urandom pool, same result can be observed with /dev/random pool