IPsec and IKE Administration Guide

How to Generate Random Numbers

If you are entering keys manually, the keying material should be random. The format for keying material is hexadecimal.

If your site has a random number generator, use that generator. Otherwise, you can use the od command with the /dev/random Solaris device as input. For more information, see the od(1) man page.

  1. Generate random numbers in hexadecimal format.


    % od -x|-X -A n file
    
    -x

    Displays the octal dump in hexadecimal format. Hexadecimal format is useful for keying material. The hexadecimal is printed in 4-character chunks.

    -X

    Displays the octal dump in hexadecimal format. The hexadecimal is printed in 8-character chunks.

    -A n

    Removes the input offset base from the display.

    file

    Serves as a source for random numbers.

    For example, the following commands print hexadecimal numbers.


    % od -X -A n /dev/random | head -2
             d54d1536 4a3e0352 0faf93bd 24fd6cad
             8ecc2670 f3447465 20db0b0c c83f5a4b
    % od -x -A n /dev/random | head -2
             34ce 56b2 8b1b 3677 9231 42e9 80b0 c673
             2f74 2817 8026 df68 12f4 905a db3d ef27

  2. Combine the output to create a key of the appropriate length.

    Remove the spaces between the numbers on one line of output to create a 32-character key. Each hexadecimal character represents 4 bits, so a 32-character key is 128 bits. For a security parameter index (SPI), you can use an 8-character key.
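
The two steps above can be combined into one shell function. This is an added example, not part of the original guide: the name `gen_hex_key` is hypothetical, and it uses the POSIX `od` options `-t x1` and `-N` in place of `-x`/`-X` and `head`, so that it reads exactly the number of bytes requested.

```shell
# gen_hex_key BITS [SOURCE]   (hypothetical helper, not part of the guide)
# Prints BITS of random data from SOURCE as one unbroken hexadecimal string.
# SOURCE defaults to /dev/random, the device the guide reads from.
gen_hex_key() {
    bits=$1
    src=${2:-/dev/random}

    # Keying material is whole bytes, so BITS must be a positive multiple
    # of 8, written without leading zeros.
    case $bits in
        ''|0*|*[!0-9]*)
            echo "gen_hex_key: BITS must be a positive multiple of 8" >&2
            return 2 ;;
    esac
    if [ $((bits % 8)) -ne 0 ]; then
        echo "gen_hex_key: BITS must be a positive multiple of 8" >&2
        return 2
    fi
    nbytes=$((bits / 8))

    # -A n  : no offset column, as in step 1
    # -t x1 : one byte per group, so digits appear in the order they were read
    # -N    : stop after exactly nbytes
    # tr    : step 2, remove the spaces and newlines between the numbers
    key=$(od -A n -t x1 -N "$nbytes" "$src" | tr -d ' \t\n')

    # A short read (for example, a SOURCE file smaller than nbytes) would
    # silently produce a shorter key, so check the length before printing.
    if [ "${#key}" -ne $((nbytes * 2)) ]; then
        echo "gen_hex_key: short read from $src" >&2
        return 1
    fi
    printf '%s\n' "$key"
}

# Usage:
#   gen_hex_key 128    # 32-character key
#   gen_hex_key 32     # 8-character value for an SPI
```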