devrandom reads a number of bytes from the random
device (typically /dev/random) and prints them in a
variety of formats. This provides a convenient source of randomness
for scripts and the like, as well as an easy way of generating secure
passwords and passphrases.
Persistent URL:
http://purl.org/nxg/dist/devrandom
Version 0.7, 2007 November 8.
Some UNIXes have a device /dev/random or
/dev/urandom from which random bytes can be read.
Scripts sometimes need to use a little randomness, but since these
special devices produce random 8-bit bytes rather than random
characters, this can be slightly fiddly to use. The
devrandom program is a simple utility to make this
process easier, allowing you to request random numbers or characters,
in a specified range, and request a given number of output symbols or
a certain amount of entropy.
Of course, one of the most common uses for randomness is when
generating random passwords or passphrases, and devrandom
give easy support for this, too: the command devrandom -p
produces a password using characters from the set
[a-zA-Z0-9].
This is not the only application which generates random passwords:
others are apg which is
quite generic, and RPG, which is a
Mac-specific GUI tool. There are other ways of reformatting
/dev/random, some of which were discussed in a thread on macosxhints.com.
Without any arguments, devrandom's default behaviour
is to print ten random integers between 0 and 9 inclusive:
% devrandom 1 8 2 2 0 0 6 2 7 5
The number, range and offset (from zero) can be adjusted with the
-n, -m (modulus) and -o options
respectively.
You can select characters from a given string:
% devrandom -s qwertyuiop ryipiteeep
The option -a is equivalent to specifying all of the
printable ASCII characters as the argument to the -s
option. The option -p, is equivalent to
specifying the options -a -m 62 -n 8, which picks 8
characters from the set [a-zA-Z0-9], and is useful for
generating rather good, but unmemorable, Unix passwords.
% devrandom -p -v devrandom: characters=8 modulus=62 offset=0 entropy=47.6 bits Yy7RFFWg
The -v option here shows that, at around 48 bits of
entropy (628=247.6), this is as
reasonable a password as you can expect from just 8 characters.
Other options allow you to produce output as S/Key english words, as numbers convenient for generating diceware passphrases (yes, I know this is rather missing the point), as hex digits, and for outputting a given amount of entropy.
There is a man page
-0 option, which suppresses the trailing
newline in the output string. There are some circumstances where this
is helpful to scripts reading the output. Slight formatting changes:
The `diceware numbers' output (with option -d) was the
only output which wasn't on a single line; it's on a single line now,
and other formats are more careful about avoiding trailing whitespace.-D option, to emit diceware-style passphrases.
Assorted documentation tidyups; various code-hygiene modifications,
assertions, and so on.-P was supported but still not
recognised as legal.-d and -s options, to support
outputting numbers suitable for diceware, and characters from a given
string.Download and unpack the distribution tarball.
To configure, build and install, just use:
% ./configure % make % make install
That will install the software into /usr/local. If
you want it to go somewhere else, then (as usual with
./configure), specify the alternative location as the
argument to configure's --prefix option. See
./configure --help for more details.
If you don't have a /dev/random or
/dev/urandom, but do have another device from which
random bytes can be read, the specify that at configuration time by
giving a value for the DEVRANDOM environment variable:
% env DEVRANDOM=/my/random/device ./configure
This software is copyright 2003-2005, Norman Gray. It is free software, released under the terms of the GNU General Public Licence.