/dev/random vs /dev/urandom
If you want random data on a Linux or Unix-like OS, the standard way to get it is to read from /dev/random or /dev/urandom. These devices are special files: they can be read like normal files, and the data they return is generated from multiple sources of entropy in the system, which provide the randomness.
/dev/random will block after the entropy pool is exhausted. It will remain blocked until additional data has been collected from the sources of entropy that are available. This can slow down random data generation.
/dev/urandom will not block. Instead, it will reuse the internal pool to produce more pseudo-random bits.
/dev/urandom is best used when:
- You just want a large file with random data for some kind of testing.
- You are using the dd command to wipe data off a disk by replacing it with random data.
- Almost everywhere else where you don’t have a really good reason to use /dev/random instead.
/dev/random is likely to be the better choice when:
- Randomness is critical to the security of cryptography in your application – one-time pads, key generation.