Skip to content

zeppe-lin/seedrng

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

146 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
.mailmap
.mailmap
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
config.mk
config.mk
 
 
pathnames.h
pathnames.h
 
 
seedrng.8.scdoc
seedrng.8.scdoc
 
 
seedrng.c
seedrng.c
 
 

Repository files navigation

OVERVIEW

seedrng seeds the Linux kernel random number generator from stored seed files.

This distribution is a fork of Jason A. Donenfeld's SeedRNG at commit f68fee4 (Wed Apr 20 2022), with the following changes:

  • Added musl libc compatibility
  • Manual page for seedrng(8) in scdoc(5) format
  • Path definitions moved into pathnames.h
  • Added code documentation and technical notes

See the git log for full history.

Original sources:

REQUIREMENTS

Build-time

  • C99 compiler
  • POSIX sh(1p), make(1p), and "mandatory utilities"
  • Linux kernel headers (optional when building with musl)
  • scdoc(1) to generate manual pages

Runtime

  • Linux kernel with /dev/random and /dev/urandom available

INSTALLATION

seedrng is designed for integration with init systems.
It should not be run manually as a standalone tool.

To build and install:

make
make install   # as root

Configuration parameters are defined in config.mk.
Default file paths are specified in pathnames.h.

DOCUMENTATION

Usage

Run as root (normally via init/shutdown scripts):

seedrng

Manual pages

See seedrng.8.scdoc manual page.

Technical Notes

Entropy Hashing

To ensure that the entropy in the seed files either stays the same or increases over time, seedrng employs the BLAKE2s cryptographic hash function (with a 32-byte output) when creating new seed files. The process involves hashing the following data:

HASH(    "SeedRNG v1 Old+New Prefix"
        || current_real_time
        || system_boot_time
        || length_of_old_seed
        || old_seed_content
        || length_of_new_seed_data
        || new_seed_data
    )

The resulting 32-byte hash is then appended to the newly generated random data to form the complete new seed. Specifically, if new_seed represents the newly generated random data of a certain length, the final new seed stored to disk is constructed as:

final_new_seed = new_seed[:-32] || BLAKE2s_HASH(...)

Where:

  • || denotes concatenation.
  • BLAKE2s_HASH(...) represents the 32-byte BLAKE2s hash of the concatenated data described above.
  • new_seed[:-32] represents the initial portion of the newly generated random data, with the last 32 bytes reserved for the hash.

This design ensures that the new seed incorporates information about the previous seed, the current system time, the boot time, and the newly generated random data itself, enhancing its robustness and preventing entropy loss.

Path Declarations

The absolute file paths used by seedrng for storing the creditable seed (seed.credit) and the non-creditable seed (seed.no-credit) are defined as constants in the pathnames.h header file. The default location for these files is within the /var/lib/seedrng/ directory.

LICENSE

seedrng may be used under any of the following licenses:

  • GPL-2.0
  • Apache-2.0
  • MIT
  • BSD-1-Clause
  • CC0-1.0

About

Seed the Linux kernel random number generator from seed files

Topics

linux-kernel seeding rng

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 6

v0.4.0 Latest
Feb 5, 2026
+ 5 releases

Packages

 
 
 

Contributors

Languages