The rngseed program

rngseed manipulates the Linux kernel's entropy pool. It can seed the kernel's random number generator from a file, save a new seed into a file, wait until the entropy pool is full, and so on. Please read the options list carefully in order to use it in a secure way.

rngseed can only be run as root.

Interface

     rngseed [ -r | -R ] [ -N | -n ] [ -w | -W ] [ -d dir ] [ -v verbosity ]

The behaviour of rngseed depends on what options it is given. By default, it just waits until the entropy pool is full, then exits 0.

Options

Configuration options

Behaviour options

Creditability

A seed is said to be creditable if it has been obtained through a cryptographically secure RNG. This means it is safe from replay attacks, and safe to count towards the entropy pool when seeding the kernel RNG. rngseed -w will normally create a creditable seed file, especially if used at shutdown time: by then, the kernel's entropy pool should have been initialized for a while.

An uncreditable seed can be used to add to the random pool, but should not increment the entropy count, because it is not safe from replay attacks. rngseed -r will do the right thing if the seed it reads is uncreditable.

rngseed uses the seed file's permissions to mark creditability. An uncreditable seed has rights 0600; a creditable seed has rights 0400.
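
The following is an added example, not rngseed's own code, showing how a consumer of a seed file could apply this permission convention before deciding whether to credit entropy. The function name `seed_credit_bits`, the credit of 8 bits per seed byte, and the rejection of symlinks, empty files and any mode other than 0400 or 0600 are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returned when the file must not be used as a seed at all. */
#define SEED_REJECT (-1L)

/*
 * Decide how many bits of entropy a seed file may be credited with,
 * following the permission convention described above:
 *   0400 -> creditable   (assumed credit: 8 bits per byte)
 *   0600 -> uncreditable (mix into the pool, credit 0 bits)
 * Rejecting every other mode, symlinks, empty and non-regular files is
 * this example's own policy, not something stated about rngseed.
 */
long seed_credit_bits(const char *path)
{
    struct stat st;
    long bits = SEED_REJECT;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0) return SEED_REJECT;
    /* fstat the open descriptor so the permission check and any later
       read refer to the same inode (no stat-then-open race). */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0) {
        mode_t perms = st.st_mode & 07777;
        if (perms == 0400) bits = (long)st.st_size * 8;
        else if (perms == 0600) bits = 0;
    }
    close(fd);
    return bits;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s seedfile\n", argv[0]);
        return 2;
    }
    long bits = seed_credit_bits(argv[1]);
    if (bits < 0) { fprintf(stderr, "%s: rejected\n", argv[1]); return 1; }
    printf("%s: credit %ld bits\n", argv[1], bits);
    return 0;
}
```

A result of 0 means the seed may still be written into the pool, only without raising the entropy count.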

Exit codes

Notes