The rngseed program

rngseed manipulates the Linux kernel's entropy pool. It can seed the kernel's random number generator from a file, save a new seed into a file, wait until the entropy pool is full, and so on. Please read the options list carefully in order to use it in a secure way.

rngseed can only be run as root.


     rngseed [ -r | -R ] [ -N | -n ] [ -w | -W ] [ -d dir ] [ -v verbosity ]

The behaviour of rngseed depends on what options it is given. By default, it just waits until the entropy pool is full, then exits 0.


Configuration options

Behaviour options


A seed is said to be creditable if it has been obtained through a cryptographically secure RNG. This means it is safe from replay attacks, and safe to count towards the entropy pool when seeding the kernel RNG. rngseed -w normally creates a creditable seed file, especially if used at shutdown time: by then, the kernel's entropy pool should have been initialized for a while.

An uncreditable seed can be used to add to the random pool, but should not increment the entropy count, because it is not safe from replay attacks. rngseed -r will do the right thing if the seed it reads is uncreditable.

rngseed uses the seed file's permissions to mark creditability. An uncreditable seed has rights 0600; a creditable seed has rights 0400.

Exit codes