random

The 'random' functionality is not a command in itself but rather a special device file accessed by other utilities. To read from the random devices:

cat /dev/random
head -c N /dev/urandom
dd if=/dev/urandom of=output_file bs=1 count=N

The data read is raw binary random bytes.

The term 'random' in Linux typically refers to the special character device files, /dev/random and /dev/urandom. These devices serve as the operating system's primary source for high-quality, cryptographically secure pseudo-random numbers (CSPRNGs). They achieve this by collecting 'entropy' from various unpredictable hardware events, such as keyboard timings, mouse movements, disk I/O, and interrupt timings. The kernel maintains an entropy pool from these sources.

/dev/random is designed to provide true randomness. It blocks (pauses) when its internal entropy pool is depleted, ensuring that all numbers generated are derived from sufficient entropy. This makes it ideal for highly sensitive cryptographic keys or one-time pads where true unpredictability is paramount.

In contrast, /dev/urandom (unlimited random) does not block. If the entropy pool is low, it reuses the existing pool, generating numbers from a cryptographically secure pseudo-random number generator that is continuously reseeded from the entropy pool. While theoretically less 'random' if the initial seed is compromised, for almost all practical applications, including SSL/TLS, GPG, and UUID generation, /dev/urandom provides sufficient cryptographic strength and is generally preferred due to its non-blocking nature and higher throughput.

/dev/random can block indefinitely if entropy is low, potentially causing applications to hang. This is common in headless servers, virtual machines, or during early boot.
While /dev/urandom does not block, its security relies on a sufficiently seeded entropy pool. Though extremely rare, a compromised initial seed or a flawed PRNG could theoretically weaken its output (though in practice, for Linux, it's considered cryptographically robust for nearly all uses).
Insufficient entropy can lead to delays in cryptographic operations, key generation, and system startup.

The kernel maintains an 'entropy pool' filled by unpredictable hardware events. The quality and quantity of this entropy are crucial for the security of generated numbers. The available entropy can be monitored via /proc/sys/kernel/random/entropy_avail. Daemons like rngd or haveged can be used to feed additional entropy from dedicated hardware random number generators (TRNGs) or other sources into the kernel's pool, especially useful for systems with low natural entropy.

In some shell environments, such as Bash, there is a special shell variable named $RANDOM. When referenced, it expands to a pseudo-random integer between 0 and 32767. This variable's randomness is generally suitable for shell scripting tasks where cryptographic security is not required, as its generator is typically less robust than the kernel's /dev/urandom.

The Linux kernel's random number generator was developed by Theodore Ts'o and introduced in Linux 1.3.30 in 1995, aiming to provide a high-quality, cryptographically secure source of randomness within the kernel. Before this, systems often relied on less secure or ad-hoc methods for generating random numbers. The distinction between /dev/random (blocking, true randomness) and /dev/urandom (non-blocking, pseudo-random) was established early on to balance security needs with performance. In later kernels (Linux 3.17, 2014), the getrandom(2) system call was introduced as a modern, unified interface to access random data, combining the best aspects of both devices and providing flags for blocking behavior.

random(4), urandom(4), getrandom(2), proc(5), rngd(8)