|
==FreeBSD==
TheIl sistema operativo [[FreeBSD]] operatingimplementa systemuna implementsvariante a 256- bit variant of the dell'[[Yarrowalgoritmo algorithmYarrow]], intendedche toha providelo ascopo [[cryptographicallydi securefornire pseudorandomun number[[generatore generator|cryptographicallydi securenumeri pseudorandompseudocasuale streamcrittograficamente sicuro]]—this replacedche asostituisce previous Linuxil styledispositivo random devicedi Linux. UnlikeA thedifferenza Linuxdi <code>/dev/random</code>, thedi FreeBSDLinux, <code>/dev/random</code> devicedi neverFreeBSD blocks.non Itsè behaviorbloccante. isIl similarsuo tocomportamento theè Linuxsimile a <code>/dev/urandom</code>, anddi Linux e <code>/dev/urandom</code> onè FreeBSDcollegato is linked toa <code>/dev/random</code>.
Yarrow is based on the assumptions that modern PRNGs are very secure if their internal state is unknown to an attacker, and that they are better understood than the estimation of entropy. Whilst entropy pool based methods are completely secure if implemented correctly, if they overestimate their entropy they may become less secure than well-seeded PRNGs. In some cases an attacker may have a considerable amount of control over the entropy, for example a diskless server may get almost all of it from the network—rendering it potentially vulnerable to man-in-the-middle attacks. Yarrow places a lot of emphasis on avoiding any pool compromise and on recovering from it as quickly as possible. It is regularly reseeded; on a system with small amount of network and disk activity, this is done after a fraction of a second.
L'algoritmo Yarrow è basato sull'assunzione che i moderni generatori di numeri pseudocasuali sono molto sicuri se il loro stato rimane sconosciuto all'attaccante. Mentre un metodo basato su una entropy pool è completamente sicuro se implementato correttamente, non rimane sicuro se la quantità di entropia viene sovrastimata ed è più debole di un generatore basato su un seme bel inizializzato. In alcuni casi un attaccante potrebbe avere un considerevole controllo sull'entropia, per esempio i server senza disco potrebbere prendere gran parte della propria entropia dalla rete e questo li rende vulnerabili a un attacco man-in-the-middle. Yarrow mette molta attenzione nell'evitare che un pool sia compromesso e sul suo rapido ripristino. Il seme dell'algoritmo è periodicamente rigenerato; nei sistemi con bassa attività di rete e di disco, questo viene fatto dopo una frazione di secondo.
In 2004, [[Landon Curt Noll]] tested the FreeBSD 5.2.1 version of '''/dev/random''' and suggested that it was not cryptographically secure because its output had multiple uniformity flaws.<ref>{{cite |title=How good is LavaRnd?: Detailed Description of Test Results and Conclusions |url=http://www.lavarnd.org/what/nist-test.html |date=22 Sep 2004 |work=LavaRnd |publisher=LavaRnd |accessdate=22 Dec. 2010}}</ref> Similar flaws were found in the [[Linux]] 2.4.21-20, [[Solaris (operating system)|Solaris]] 8 patch 108528-18, and [[Mac OS X]] 10.3.5 implementations of '''/dev/random'''. ▼
▲InNel 2004 , [[Landon Curt Noll]] testedtestò <code>/dev/random</code> thedi FreeBSD 5.2.1 versione ofconcluse '''/dev/random'''che andnon suggestedera thatcrittograficamente itsicuro wasperché notil cryptographicallysuo secureoutput because its outputaveva haddifetti multiplemultipli uniformitye flawsuniformi.<ref>{{cite |title=How good is LavaRnd?: Detailed Description of Test Results and Conclusions |url=http://www.lavarnd.org/what/nist-test.html |date=22 Sep 2004 |work=LavaRnd |publisher=LavaRnd |accessdate=22 Dec. 2010}}</ref> SimilarSimili flawsdifetti werefurono foundtrovati innell'implementazione di <code>/dev/random</code> thedi [[Linux]] 2.4.21-20, [[Solaris (operating system)|Solaris]] patch 8 patch 108528-18 , ande [[Mac OS X]] 10.3.5 implementations of '''/dev/random'''.
FreeBSD also provides support for [[hardware random number generator]]s, which will replace Yarrow when present.
random'''.
==Other operating systems==
FreeBSD fornisce inoltre supporto per [[generatore di numeri casuali hardware]].
<code>/dev/random</code> and <code>/dev/urandom</code> are also available on [http://blogs.sun.com/yenduri/entry/dev_random_in_solaris Solaris], [http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man4/random.4.html Mac OS X], [http://netbsd.gw.com/cgi-bin/man-cgi?rnd++NetBSD-current NetBSD], [http://www.openbsd.org/cgi-bin/man.cgi?query=srandom&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html OpenBSD], ▼
== Altri sistemi operativi ==
▲<code>/dev/random</code> ande <code>/dev/urandom</code> aresono alsodisponibili available onsu [http://blogs.sun.com/yenduri/entry/dev_random_in_solaris Solaris], [http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man4/random.4.html Mac OS X], [http://netbsd.gw.com/cgi-bin/man-cgi?rnd++NetBSD-current NetBSD], [http://www.openbsd.org/cgi-bin/man.cgi?query=srandom&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html OpenBSD],
[http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V51B_HTML/MAN/MAN4/0199____.HTM Tru64 UNIX 5.1B],
[http://publib.boulder.ibm.com/infocenter/pseries/v5r3/topic/com.ibm.aix.files/doc/aixfiles/random.htm#idx927 AIX 5.2],
e
and
[http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I HP-UX 11i v2]. AsCome within FreeBSD, AIX implementsimplementa itsun ownproprio algoritmo Yarrow-based design,. howeverTuttavia AIX usesusa considerablyuna fewerquantità entropydi sourcesentropia thanconsiderevolmente theminore allo standard <code>/dev/random</code>e implementation andsmette stopsdi refillingriempire theil pool whenquanto itpensa thinksche itcontenga containsabbastanza enough entropyentropia..<ref>{{cite web|url=http://lists.gnupg.org/pipermail/gnupg-devel/2003-April/019954.html |title=AIX 5.2 /dev/random and /dev/urandom devices |publisher=Lists.gnupg.org |author=Iain Roberts |date=April 25, 2003 |accessdate=2008-09-18}}</ref>
In [[Windows NT]], similaruna functionalityfunzione issimile deliveredè byfornita da <code>ksecdd.sys</code>, butma readingla thelettura specialdel file speciale <code>\Device\KsecDD</code> doesnon notfunziona work ascome in UNIX. TheI documentedmetodi methodsdocumentati toper generategenerare cryptographicallybytes randomcrittograficamente bytessicuri aresono [[CryptGenRandom]] e [[RtlGenRandom]].
[[CryptGenRandom]] and [[RtlGenRandom]].
WhileAnche se [[DOS]] doesn'tnon naturallyimplementa providenativamente suchuna functionalityfunzionalità theresimile isci ansono opendriver sourceda third-partyterze driverparti calledchiamati [http://www.rahul.net/dkaufman/index.html Noise.sys] whichche functionscreano similarlydue indispositivi, that it creates 2 devices, <code>RANDOM$</code> and <code>URANDOM$</code>, whichche aresono alsoanche accessibleaccessibili asda <code>/DEV/RANDOM$</code> and <code>/DEV/URANDOM$</code>, that programs can access for random data.
==EGD as an alternative==
A software program called '''EGD''' (entropy gathering daemon) is a common alternative for Unix systems which do not support the /dev/random device. It is a [[user space]] [[Daemon (computer software)|daemon]] which provides high quality cryptographic random data. Some cryptographic software such as [[OpenSSL]], [[GNU Privacy Guard]], and the [[Apache HTTP Server]] support using EGD when a /dev/random device is not available.
== EGD come alternativa ==
[http://egd.sourceforge.net/ EGD], or a compatible alternative such as [http://prngd.sourceforge.net/ prngd], gather pseudo-random entropy from various sources, process it to remove bias and improve cryptographic quality, and then make it available over a [[Unix ___domain socket]] (with '''/dev/egd-pool''' being a common choice), or over a [[Internet socket|TCP socket]]. The entropy gathering usually entails periodically [[Fork (operating system)|forking]] subprocesses to query attributes of the system that are likely to be frequently changing and unpredictable, such as monitoring CPU, I/O, and network usage as well as the contents of various log files and [[Temporary folder|temporary directories]].
Il software '''EGD''' (entropy gathering daemon) è un'alternativa comune per i sistemi Unix che non supportano <code>/dev/random</code>. È un [[demone]] che fornisce dati casuali di qualità crittografica. Alcuni software crittografici come [[OpenSSL]], [[GNU Privacy Guard]], e [[Apache HTTP Server]] usano EGD quando <code>/dev/random</code> non è disponibile.
EGD communicates with other programs which need random data using a simple [[Protocol (computing)|protocol]]. The client connects to an EGD socket and sends a command, identified by the value of the first [[octet]]:
* command 0: query the amount of entropy currently available. The EGD daemon returns a 4-byte number in [[Endianness|big endian]] format representing the number of random bytes that can currently be satisfied without delay.
* command 1: get random bytes, no blocking. The second byte in the request tells EGD how many random bytes of output it should return, from 1 to 255. If EGD does not have enough entropy to immediately satisfy the request, fewer bytes, or perhaps no bytes may be returned. The first octet of the reply indicates how many additional bytes, those containing the random data, immediately follow in the reply.
* command 2: get random bytes, blocking. The second byte tells EGD how many random bytes of output it should return. If EGD does not have enough entropy, it will wait until it has gathered enough before responding. Unlike command 1, the reply starts immediately with the random bytes rather than a length octet, as the total length of returned data will not vary from the amount requested.
* command 3: update entropy. This command allows the client to provide additional entropy to be added to EGD's internal pool. The next two bytes, interpreted as a 16-bit big endian integer indicate how many bits of randomness the caller is claiming to be supplying. The fourth byte indicates how many additional bytes of source data follow in the request. The EGD daemon may mix in the received entropy and will return nothing back.
[http://egd.sourceforge.net/ EGD], o la compatibile alternativa [http://prngd.sourceforge.net/ prngd], raccolgono entropia pseudo-casuale da varie sorgenti, le processano per rimuovere distorsioni e migliorare la qualità crittografica e le rendono disponibili tramite un [[Unix ___domain socket]] ('''/dev/edg-pool''' è una scelta comune), o attraverso un [[Internet socket|TCP socket]]. L'accumulo dell'entropia di solito comporta [[fork]] di sottoprocessi periodici per interrogare gli attributi del sistema che sono tipicamente cambiano frequentemente e sono impredicibili, come la CPU, l'I/O, l'utilizzo della rete e il contenuto di vari file di log e directory temporanee.
==See also==
* [[Unix philosophy]]
* [[Standard streams]]
* <tt>[[:/dev/full]]</tt>
* <tt>[[:/dev/zero]]</tt>
* <tt>[[:/dev]]</tt>
* [[Generatore di numeri casuali hardware]]
* [[Hardware random number generator]]
* [[Generatore di numeri pseudocasuali crittograficamente sicuro]]
* [[Cryptographically secure pseudo-random number generator]]
* [[YarrowAlgoritmo algorithmYarrow]]
* [[Fortuna (PRNG)|FortunaAlgoritmo algorithmFortuna]]
==Notes Note ==
{{reflist}}
==References Riferimenti ==
{{morefootnotes|date=December 2010}}
* [http://msdn2.microsoft.com/en-us/library/aa379942.aspx CryptGenRandom]
{{DEFAULTSORT:/Dev/Random}}
[[CategoryCategoria:Randomness|Dev Random]]
[[CategoryCategoria:Unix|Dev Random]]
[[CategoryCategoria:Device file]]
[[es:/dev/random]]
[[fr:/dev/random]]
[[it:/dev/random]]
[[ja:/dev/random]]
[[pl:/dev/random]]
[[pt:/dev/random]]
[[ru:/dev/random и /dev/urandom]]
[[tr:/dev/random]]
[[zh:/dev/random]]
* <tt>[[:/dev/zero]]</tt>
* <tt>[[:/dev/full]]</tt>
* <tt>[[:/dev/null]]</tt>
{{Portale|Informatica}}
[[Categoria:Unix]]
[[de:/dev/random]]
[[es:/dev/random]]
[[fr:/dev/random]]
[[ja:/dev/random]]
[[pl:/dev/random]]
| 