RNDCTL(8) System Manager's Manual RNDCTL(8)

NAME

rndctlin-kernel random number generator management tool

SYNOPSIS

rndctl -CcEe [-d devname | -t devtype]

rndctl -ls [-d devname | -t devtype]

rndctl -L save-file

rndctl -S save-file

DESCRIPTION

The rndctl program displays statistics on the current state of the rnd(4) pseudo-driver, and allows the administrator to control which sources are allowed to contribute to the randomness pool maintained by rnd(4), as well as whether a given source counts as strongly random.

The following options are available:

-C
Disable collection of timing information for the given device name or device type.
-c
Enable collection of timing information for the given device name or device type.
-d
Only the device named devname is altered or displayed. This is mutually exclusive with -t.
-E
Disable entropy estimation from the collected timing information for the given device name or device type. If collection is still enabled, timing information is still collected and mixed into the internal entropy pool, but no entropy is assumed to be present.
-e
Enable entropy estimation using the collected timing information for the given device name or device type.
-L
Load saved entropy from file save-file, which will be overwritten and deleted before the entropy is loaded into the kernel.
-l
List all sources, or, if the -t or -d flags are specified, only those specified by the devtype or devname specified.
-S
Save entropy pool to file save-file. The file format is specific to rndctl and includes an estimate of the amount of saved entropy and a checksum.
-s
Display statistics on the current state of the random collection pool.
-t
All devices of type devtype are altered or displayed. This is mutually exclusive with -d.

The available types are:

disk
Physical hard drives.
net
Network interfaces.
tape
Tape devices.
tty
Terminal, mouse, or other user input devices.
rng
Random number generators.

FILES

/dev/random
Returns “good” values only.
/dev/urandom
Always returns data, degenerates to a pseudo-random generator.

SEE ALSO

rnd(4), rnd(9)

HISTORY

The rndctl program was first made available in NetBSD 1.3.

AUTHORS

The rndctl program was written by Michael Graff <explorer@flame.org>.

BUGS

Turning on entropy estimation from unsafe or predictable sources will weaken system security, while turning on entropy collection from such sources may weaken system security.

Care should be taken when using this command.

November 23, 2011 NetBSD 6.1