random


Language: ja

Version: 2003-10-25 (openSuse - 09/10/07)

Section: 4 (Network drivers and protocols)

NAME

random, urandom - kernel random number source devices

DESCRIPTION

The character special files /dev/random and /dev/urandom (provided since Linux 1.3.30) provide an interface to the kernel's random number generator. The file /dev/random has major device number 1 and minor device number 8. The file /dev/urandom has major device number 1 and minor device number 9.

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. Random numbers are generated from this entropy pool.

When read, the /dev/random device returns only as many random bytes as the estimated number of bits of noise in the entropy pool allows. /dev/random should be suitable for uses that need very high quality randomness, such as one-time pad or key generation. When the entropy pool is empty, reads from /dev/random block until additional environmental noise is gathered.

A read from the /dev/urandom device does not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. No material describing how to carry out such an attack is currently available in the form of research papers or the like, but such an attack is theoretically possible. If this is a concern, use /dev/random (rather than /dev/urandom).

CONFIGURING

If /dev/random and /dev/urandom have not already been created on your system, they can be created with the following commands:

    mknod -m 644 /dev/random c 1 8
    mknod -m 644 /dev/urandom c 1 9
    chown root:root /dev/random /dev/urandom

Immediately after a Linux system starts up without operator interaction, the entropy pool is likely to be in a uniform state with little unpredictability. As a result, the actual amount of noise in the entropy pool is lower than the estimate. To counteract this effect, it helps to carry entropy pool information over from shutdown to the (next) start-up. To carry the entropy pool over, add the following lines to an appropriate script that is run during the Linux system start-up sequence:

    echo "Initializing random number generator..."
    random_seed=/var/run/random-seed
    # Carry a random seed from this start-up to the next start-up.
    # Load it, and then save the whole entropy pool.
    if [ -f $random_seed ]; then
        cat $random_seed >/dev/urandom
    else
        touch $random_seed
    fi
    chmod 600 $random_seed
    poolfile=/proc/sys/kernel/random/poolsize
    [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512
    dd if=/dev/urandom of=$random_seed count=1 bs=$bytes

Also, add the following lines to an appropriate script that is run during the Linux system shutdown:

    # Carry a random seed from this shutdown to the next start-up.
    # Save the whole entropy pool.
    echo "Saving random seed..."
    random_seed=/var/run/random-seed
    touch $random_seed
    chmod 600 $random_seed
    poolfile=/proc/sys/kernel/random/poolsize
    [ -r $poolfile ] && bytes=`cat $poolfile` || bytes=512
    dd if=/dev/urandom of=$random_seed count=1 bs=$bytes

PROC INTERFACE

The files in the directory /proc/sys/kernel/random (present since 2.3.16) provide an additional interface to the /dev/random device.

The read-only file entropy_avail gives the available entropy. Normally, this is 4096 (bits), which means the entropy pool is full.

The file poolsize gives the size of the entropy pool. Normally, this is 512 (bytes). It can be changed to any value for which an algorithm is available. Currently the choices are 32, 64, 128, 256, 512, 1024, 2048.

The file read_wakeup_threshold contains the number of bits of entropy required to wake up processes that are sleeping while waiting for entropy from /dev/random. The default is 64. The file write_wakeup_threshold contains the number of bits of entropy below which processes that do a select(2) or poll(2) for write access to /dev/random are woken up. These values can be changed by writing to the files.

The read-only files uuid and boot_id contain random strings like 6fd5a44b-35f4-4ad4-a9b9-6b9be13e1fe9. The former is generated afresh on each read; the latter is generated only once.

FILES

/dev/random
/dev/urandom

SEE ALSO

mknod (1)
RFC 1750, "Randomness Recommendations for Security"

TRANSLATOR

石川 睦 <ishikawa@linux.or.jp>