Cyber security: Unpredictable Random Number Generator


A random number generator is an important part of security work: it is used to create cryptographic keys and passwords.

We already know that the rand() function is a simple pseudo-random number generator. It returns a pseudo-random integer in the range 0 to RAND_MAX, i.e., the mathematical range [0, RAND_MAX]. You can use rand() to define your own function that returns a pseudo-random integer in a custom range as follows:

#include <stdlib.h>

/* Returns a pseudo-random integer in [range_min, range_max). */
int getRand(int range_min, int range_max) {
    int u = (int)((double)rand() / ((double)RAND_MAX + 1)
        * (range_max - range_min) + range_min);
    return u;
}

The rand() function is seeded by the srand() function. The following small program shows that rand() outputs the same pseudo-random integer whenever the seed is the same (the program never calls srand(), so the default seed is used on every run):

/* rand.c */

#include <stdlib.h>
#include <stdio.h>

int main() {
    /* srand() is never called, so rand() starts from the default seed */
    int i = rand();
    printf("%d\n", i);
    return 0;
}

After compiling, the rand program prints the same result on every run:

Such a function can be used in statistics but clearly cannot be used for security purposes.

The Linux kernel uses two devices, /dev/random and /dev/urandom, along with the entropy pool to generate random numbers. The entropy pool is built from hardware information and other sources and provides the seed. This solution has been used in security. When the /dev/urandom device is read, it returns random bytes. You can use the following command to create a random password of length 10:

(cat /dev/urandom|tr -cd '[:graph:]'|fold -w 10 && echo )|head -n1

However, /dev/urandom has a deficiency: at early boot time it may return data before the entropy pool is initialized. To fix this, one can write a script that saves the entropy pool for the next reboot.

/dev/random is considered legacy. Reads from it can block until additional environmental noise is gathered, and on a system with low entropy, such as an embedded system, this can last forever.

The better solution is to use the getrandom() function provided by Linux 3.17 and later. The following small program uses getrandom() to provide the seed for the erand48() function. The erand48() function returns nonnegative double-precision floating-point values uniformly distributed over the interval [0.0, 1.0):

/* getrandom.c */

#include <stdlib.h>
#include <stdio.h>
#include <sys/random.h>

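int main() {
    unsigned short xsubi[3];
    /* Fill the erand48() state with kernel random bytes.
       With flags = 0 the call waits until the pool is initialized. */
    if (getrandom(xsubi, sizeof(xsubi), 0) != (ssize_t)sizeof(xsubi)) {
        perror("getrandom");
        return 1;
    }
    double f = erand48(xsubi);
    printf("%1.10f\n", f);
    return 0;
}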

The getrandom program prints a different result on every run:

Omarine 4.0 provides the Haveged package to replenish the Linux entropy pool behind the two devices /dev/random and /dev/urandom, so that security applications that use these two devices can generate unpredictable random numbers. This is especially needed when the system has low entropy.

If you are an end user, you need to do nothing: the haveged service runs by default in Omarine 4.0 or newer.
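
The getRand() range helper and the 10-character password command shown earlier can both be built on getrandom() directly. The following is an added example, not code from the original post; the names fill_random, secure_uniform and secure_password are made up for it, and it uses rejection sampling so that every value in the range is equally likely.

```c
/* Added example; function names are invented for illustration. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>

/* Fill buf with len kernel random bytes; returns 0 on success, -1 on error. */
static int fill_random(void *buf, size_t len) {
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);   /* flags 0: wait for an initialized pool */
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Uniform integer in [0, bound). Values below 2^32 mod bound are rejected,
   which removes the bias a plain "r % bound" would have. 0 on success, -1 on error. */
int secure_uniform(uint32_t bound, uint32_t *out) {
    if (bound == 0) return -1;
    uint32_t r, min = (0u - bound) % bound;  /* min = 2^32 mod bound */
    do {
        if (fill_random(&r, sizeof r) != 0) return -1;
    } while (r < min);
    *out = r % bound;
    return 0;
}

/* Write len characters from '!'..'~' (the ASCII [:graph:] class) plus a NUL into dst. */
int secure_password(char *dst, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint32_t k;
        if (secure_uniform('~' - '!' + 1, &k) != 0) return -1;
        dst[i] = (char)('!' + k);
    }
    dst[len] = '\0';
    return 0;
}

int main(void) {
    char pw[11];
    if (secure_password(pw, 10) != 0) { perror("getrandom"); return 1; }
    printf("%s\n", pw);
    return 0;
}
```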

Frank 2 weeks, 6 days ago

I am sure this post has touched all the internet people; it's a really, really pleasant paragraph on building up a new website.
Ahaa, it's a pleasant dialogue concerning this paragraph at this place
at this weblog; I have read all that, so at this time I am also commenting here.
There is certainly a great deal to learn about this subject.
I love all of the points you made.
