NAME
rndctl
- in-kernel random number generator management tool
SYNOPSIS
rndctl
-CcEe
[-d devname | -t devtype]
rndctl
-ls
[-d devname | -t devtype]
DESCRIPTION
The
rndctl
program displays statistics on the current state of the
rnd(4)
pseudo-driver, and allows the administrator to control which sources
are allowed to contribute to the randomness pool maintained by
rnd(4),
as well as whether a given source counts as strongly random.
The following options are available:
- -C
-
Disable collection of timing information for the given
device name or device type.
- -c
-
Enable collection of timing information for the given
device name of device type.
- -d
-
Only the device named
devname
is altered or displayed.
This is mutually exclusive with
-t.
- -E
-
Disable entropy estimation from the collected timing information for
the given device name or device type.
If collection is still enabled, timing information is still
collected and mixed into the internal entropy pool,
but no entropy is assumed to be present.
- -e
-
Enable entropy estimation using the collected timing information
for the given device name or device type.
- -l
-
List all sources, or, if the
-t
or
-d
flags are specified, only those specified by the
devtype
or
devname
specified.
- -s
-
Display statistics on the current state of the random collection pool.
- -t
-
All devices of type
devtype
are altered or displayed.
This is mutually exclusive with
-d.
The available types are:
- disk
-
Physical hard drives.
- net
-
Network interfaces.
- tape
-
Tape devices.
- tty
-
Terminal, mouse, or other user input devices.
- rng
-
Random number generators.
FILES
/dev/random
-
Returns
``good''
values only.
/dev/urandom
-
Always returns data, degenerates to a pseudo-random generator.
SEE ALSO
rnd(4),
rnd(9)
HISTORY
The
rndctl
program was first made available in
NetBSD1.3.
AUTHORS
The
rndctl
program was written by
Michael Graff
<explorer@flame.org>.
BUGS
Turning on entropy estimation from unsafe or predictable sources will
weaken system security, while turning on entropy collection from such
sources may weaken system security.
Care should be taken when using this command.