IPsec and IKE Administration Guide

How to Generate Random Numbers

If your site has a random number generator, use the generator. Otherwise, you can use the od command with the Solaris /dev/random device as input. For more information, see the od(1) man page.

  1. Generate random keys.

    On a Solaris system, you can use the od command.


    # od -X -A n file
     
    

    -x

    Displays the octal dump in hexadecimal format. Hexadecimal format is useful for keying material. The hexadecimal is printed in 4–character chunks. 

    -X

    Displays the octal dump in hexadecimal format. The hexadecimal is printed in 8–character chunks. 

    -A n 

    Removes the input offset base from the display. 

    file

    A source for random numbers. 

    For example, the following commands print hexadecimal numbers.


    # od -X -A n /dev/random | head -2
             d54d1536 4a3e0352 0faf93bd 24fd6cad
             8ecc2670 f3447465 20db0b0c c83f5a4b
    # od -x -A n /dev/random | head -2
             34ce 56b2 8b1b 3677 9231 42e9 80b0 c673
             2f74 2817 8026 df68 12f4 905a db3d ef27
  2. Combine the numbers to create a key of the appropriate length.

    Remove the spaces between the numbers on one line to create a 32–character key. A 32–character key is 128 bits. For an SPI, you can use an 8–character hexadecimal number.
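
The following added example, which is not part of the original guide, carries out step 2 in a script: it joins the chunks that od prints and checks that the result is the right length and contains only hexadecimal digits. The helper name hex_from_od is hypothetical, and the sample input is copied from the output shown above for demonstration only.

```shell
#!/bin/sh
# Added example: turn od(1) hexadecimal output into fixed-length key material.
# hex_from_od is a hypothetical helper name, not a Solaris command.

# hex_from_od NCHARS
#   Reads "od -x -A n" or "od -X -A n" output on stdin, removes the spaces
#   and newlines between the chunks, and prints the first NCHARS characters.
#   Fails if the input holds non-hexadecimal characters or is too short.
hex_from_od() {
    want=$1
    # Join all chunks into one string.
    digits=$(tr -d ' \t\n')
    case $digits in
        *[!0-9a-fA-F]*) echo "non-hexadecimal input" >&2; return 1 ;;
    esac
    if [ "${#digits}" -lt "$want" ]; then
        echo "need $want hex characters, got ${#digits}" >&2
        return 1
    fi
    printf '%s\n' "$digits" | cut -c "1-$want"
}

# Sample input: the first output line of each command in the example above.
# Published values like these are for illustration and must not be used as keys.
SAMPLE_X4='         d54d1536 4a3e0352 0faf93bd 24fd6cad'
SAMPLE_X2='         34ce 56b2 8b1b 3677 9231 42e9 80b0 c673'

# 32 hexadecimal characters = 128 bits of keying material.
key=$(printf '%s\n' "$SAMPLE_X4" | hex_from_od 32)
# 8 hexadecimal characters for an SPI.
spi=$(printf '%s\n' "$SAMPLE_X2" | hex_from_od 8)

echo "key=$key (${#key} hex characters, $(( ${#key} * 4 )) bits)"
echo "spi=$spi"

# On a live system, feed the function from the command in step 1 instead:
#   od -X -A n /dev/random | head -1 | hex_from_od 32
```
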