Pseudorandom number generator device driver
The pseudorandom number generator (PRNG) device driver provides user-space applications with pseudorandom numbers that are generated by the IBM Z® CP Assist for Cryptographic Function (CPACF).
The PRNG device driver supports the Deterministic Random Bit Generator (DRBG) requirements that are defined in NIST Special Publication 800-90/90A. The device driver uses the SHA-512 based DRBG mechanism.
If prerequisites for the SHA-512 based DRBG are not fulfilled, the device
driver uses the Triple Data Encryption Standard (TDES) algorithm instead. In TDES mode, the PRNG
device driver uses a DRBG in compliance with ANSI X9.17 based on the TDES cipher algorithm. You can
force the fallback to TDES mode by using the mode=1 module parameter.
Terminology hint: Various abbreviations are commonly used for Triple Data Encryption Standard, for example: TDES, triple DES, 3DES, and TDEA.
User-space programs access the PRNG device through a device node, /dev/prandom. Ubuntu Server 22.04 LTS provides udev to create it for you.
By default, the random data for seeding and reseeding the PRNG is supplied by the TRNG. If the TRNG is unavailable, the PRNG uses an approved algorithm to derive random data from the jitter of the high-precision, built-in real-time clock of the Z hardware.