
Filed Under (Geekstuff, Linux) by Sean on February-26-2008

No, I’m not talking about the strings from theoretical physics here, just plain old strings in computer programming.

So, let’s say you need to generate a truly random string for a password, encryption key salt, or some other purpose. The best option is to use the /dev/random or /dev/urandom device on your computer. If your system doesn’t have a hardware random number generator (e.g., palm devices, phones, embedded systems), you can use alternative techniques such as Lava Lamps, WiFi background noise, Space or live Keno results from Vegas to generate truly random data.

Computers cannot, by themselves, generate truly random data. Most random algorithms are based on pseudo-random number generation, which produces data that appear random but are actually generated by a completely deterministic process, making them not random at all by definition. The /dev/random device, which first appeared in Linux, uses environmental noise to fill an entropy pool from which random data can be created. Environmental noise includes keyboard and mouse use, device driver interrupt timing, and other non-deterministic data. The generator also keeps track of the number of bits of noise in the entropy pool. Thus, when you read from /dev/random and there isn’t sufficient entropy, the device will block until entropy is available. For example, if you ask for a string of a specific length and there isn’t sufficient entropy, it will generate what it can and wait for more entropy. You can generate entropy by using your computer’s mouse and keyboard (or do what I do and write a blog post or send out a tweet on Twitter). If you cannot wait for the entropy pool to fill back up, the /dev/urandom device is available, which is non-blocking since it reuses bits from the entropy pool to generate pseudo-random bits (which are, however, sufficiently random for cryptographic use).

How do we create a random string then? Let’s say you need a 12-character string consisting of alphanumeric characters. This is the command I would use at a shell prompt (type only what follows the linux$ prompt):

linux$ od -a -A n /dev/random | head -1 | tr -d ' ' | tr -d '\n' | sed 's/[^a-zA-Z0-9]//g' | awk '{print substr($0,1,12)}'

You can replace /dev/random with /dev/urandom if you don’t need truly random data. If you need a longer string, you should increase the number used with the head command and modify the number in the substring (substr) function. Additionally, you can include symbols and other non-alphanumeric characters by eliminating the sed statement. If you need just numbers, you can use a different argument to od. Here are some examples of these in order:

linux$ od -a -A n /dev/random | head -30 | tr -d ' ' | tr -d '\n' | sed 's/[^a-zA-Z0-9]//g' | awk '{print substr($0,1,256)}'

linux$ od -a -A n /dev/random | head -1 | tr -d ' ' | tr -d '\n' | awk '{print substr($0,1,12)}'

linux$ od -d -A n /dev/random | head -1 | tr -d ' ' | tr -d '\n' | awk '{print substr($0,1,12)}'
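
An added example, not from the original post: od -a prints control bytes as names such as nul or del, so the alphanumeric filter above keeps letters from those names and the output is skewed toward them. The sketch below shows that on constructed input and then draws characters straight from /dev/urandom with tr -dc; the function names page_filter and rand_string are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). page_filter and rand_string
# are hypothetical names chosen for this sketch.

# The post's alphanumeric filter, reading bytes from stdin instead of
# /dev/random so its effect can be shown on constructed input.
page_filter() {
    od -a -A n | tr -d ' ' | tr -d '\n' | sed 's/[^a-zA-Z0-9]//g'
}

# rand_string LEN [SET]: LEN characters drawn from the tr(1) set SET
# (default A-Za-z0-9). tr -dc discards every byte outside SET, so each
# kept character is an unmodified random byte and all members of SET are
# equally likely. Runs in a subshell so its variables do not leak.
rand_string() (
    len=$1
    set_spec=${2:-A-Za-z0-9}
    # Reject a missing, non-numeric or zero length.
    [ "$len" -ge 1 ] 2>/dev/null || return 2
    out=
    while [ "${#out}" -lt "$len" ]; do
        # Fixed-size reads avoid leaving tr writing into a closed pipe.
        chunk=$(head -c 64 /dev/urandom | LC_ALL=C tr -dc "$set_spec")
        out=$out$chunk
    done
    printf '%s\n' "$out" | cut -c "1-$len"
)

# Constructed input: four NUL bytes. Every letter printed comes from od's
# name for the byte, none from the data itself.
printf 'od -a on four NUL bytes: %s\n' "$(printf '\0\0\0\0' | page_filter)"

printf 'alphanumeric, 12 chars:  %s\n' "$(rand_string 12)"
printf 'digits only, 12 chars:   %s\n' "$(rand_string 12 0-9)"
printf 'printable ASCII, 16:     %s\n' "$(rand_string 16 '!-~')"
```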

I hope you find this information informative. By typing this post, I’ve succeeded in filling back up my entropy pool!