RNDCTL(8) System Manager's Manual RNDCTL(8)
rndctl -- in-kernel random number generator management tool
rndctl -CcEe [-d devname | -t devtype]
rndctl -ls [-d devname | -t devtype]
rndctl -L save-file
rndctl -S save-file
The rndctl program displays statistics on the current state of the rnd(4)
pseudo-driver, and allows the administrator to control which sources are
allowed to contribute to the randomness pool maintained by rnd(4), as
well as whether a given source counts as strongly random.
The following options are available:
-C Disable collection of timing information for the given device
name or device type.
-c Enable collection of timing information for the given device name
or device type.
-d Only the device named devname is altered or displayed. This is
mutually exclusive with -t.
-E Disable entropy estimation from the collected timing information
for the given device name or device type. If collection is still
enabled, timing information is still collected and mixed into the
internal entropy pool, but no entropy is assumed to be present.
-e Enable entropy estimation using the collected timing information
for the given device name or device type.
-L Load saved entropy from file save-file, which will be overwritten
and deleted before the entropy is loaded into the kernel.
-l List all sources, or, if the -t or -d flags are specified, only
those specified by the devtype or devname specified.
-S Save entropy pool to file save-file. The file format is specific
to rndctl and includes an estimate of the amount of saved entropy
and a checksum.
-s Display statistics on the current state of the random collection
-t All devices of type devtype are altered or displayed. This is
mutually exclusive with -d.
The available types are:
disk Physical hard drives.
net Network interfaces.
tape Tape devices.
tty Terminal, mouse, or other user input devices.
rng Random number generators.
/dev/random Returns ``good'' values only.
/dev/urandom Always returns data, degenerates to a pseudo-random
The rndctl program was first made available in NetBSD 1.3.
The rndctl program was written by Michael Graff <explorerATflame.org>.
Turning on entropy estimation from unsafe or predictable sources will
weaken system security, while turning on entropy collection from such
sources may weaken system security.
Care should be taken when using this command.
NetBSD 6.1.5 November 23, 2011 NetBSD 6.1.5