Random number files

The random number files, /dev/random and /dev/urandom (major 4, minor 2), provide cryptographically secure random output that is generated from the available cryptographic hardware. The foundation of this random number generation is a time-variant input with a very low probability of recycling.

Requirement: To use these device files, Integrated Cryptographic Service Facility (ICSF) must be started, and the cryptographic hardware is required, depending on the model of the server. ICSF is not required if you are using an IBM z14® server or later. For more information about the requirements, see the usage notes in Random Number Generate in z/OS® Cryptographic Services ICSF Application Programmer's Guide.

The hardware is designed to produce 8-byte random numbers but any amount of data might be read. Reads will fail if ICSF or the hardware is not available or if any addresses passed are invalid. Reads will not block. Data that is written to these devices will be ignored without being referenced.
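Because reads fail rather than block when ICSF or the hardware is unavailable, a caller has to check every read and must not continue with a partly filled buffer. The following is an added example, not code from the IBM documentation; the function name read_random and its return codes are hypothetical, and it uses only POSIX calls.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return codes: names are this example's own, not a z/OS API. */
enum { RND_OK = 0, RND_EOPEN = -1, RND_ENOTDEV = -2, RND_EREAD = -3 };

/* Fill buf with len bytes from the device at path, or fail closed.
 * On any error the buffer is zeroed and a negative code is returned;
 * there is deliberately no fallback to rand() or a time-based seed. */
int read_random(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int rc = RND_OK;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        rc = RND_EOPEN;
    else if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        rc = RND_ENOTDEV;               /* not a character special file */

    while (rc == RND_OK && got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;           /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                   /* interrupted: retry */
        else
            rc = RND_EREAD;             /* read error or end of file */
    }
    if (fd >= 0)
        close(fd);
    if (rc != RND_OK)
        memset(buf, 0, len);            /* never hand back partial output */
    return rc;
}

int main(void)
{
    unsigned char key[32];
    int rc = read_random("/dev/urandom", key, sizeof key);
    if (rc != RND_OK) { fprintf(stderr, "random read failed: %d\n", rc); return 1; }
    puts("read 32 random bytes");
    return 0;
}
```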

These files are created whenever the system is started or when referenced if they do not exist. The default permissions are 666, RW-RW-RW-. You can change these permissions with chmod or by explicitly defining the devices with mknod.

Rules: Neither rule applies if you are using an IBM z14 server or later.
  • To read from these devices, the user must be authorized to use ICSF, or ICSF must have been started with the CHECKAUTH(NO) option.
  • For specific authority, if the CSFRNG resource in the CSFSERV class is protected, then the user must be permitted to the CSFRNG profile.