
Alternatives to renaming /dev/random to /dev/urandom


Article ID: 38547



Products: CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



On certain Red Hat Linux 5.3 systems (2.6 kernel), the Policy Server takes a long time to start because its startup path reads from /dev/random, which blocks until the kernel entropy pool holds enough entropy. The procedure in the official CA Single Sign-On documentation recommends renaming /dev/random to /dev/urandom to work around this behavior. In certain environments, however, that rename raises security concerns.


One way to address those security concerns instead is to increase the randomness and the amount of entropy available to the kernel entropy pool, so that the chance of running out of entropy is statistically insignificant.

You can do this with the "rngd" entropy-gathering daemon, which keeps enough entropy available to /dev/random to prevent the Policy Server startup delay while also avoiding the security concerns that come with using /dev/urandom out of the box.

1) Ensure that "rngd" is installed, using the yum package manager to confirm that the package is present on the OS and that the daemon is running.

2) Start the 'rngd' daemon with the following command and monitor the entropy on the system:

#rngd -r /dev/urandom -o /dev/random -f -t 1

This configures rngd to act as the entropy source for the OS pool, feeding data from /dev/urandom (the -r device) into /dev/random (the -o device) while running in the foreground; rngd monitors the kernel entropy pool and tops it up with new entropy whenever it needs more.

If you wish, you can monitor the entropy available by using the following command.

#watch -n 1 cat /proc/sys/kernel/random/entropy_avail
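As an added example that is not part of the CA documentation, the POSIX shell script below checks the two things this procedure relies on: that /dev/random is still the kernel's own character device (rather than having been renamed or symlinked to /dev/urandom) and that entropy_avail stays above a watermark while rngd runs. The WATERMARK value and the function names are assumptions; paths are parameters so the checks can also be run against constructed files.

```shell
#!/bin/sh
# Added example, not part of the CA knowledge base article.
# Checks the two things the rngd workaround relies on:
#   1. /dev/random is still a real character device (not renamed/symlinked).
#   2. entropy_avail stays above a watermark while rngd is running.
# Paths are parameters so the functions can also be run against constructed files.

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail
WATERMARK=1000   # assumed threshold; the 2.6 kernel pool holds at most 4096 bits

# Print "ok" or "low" for the entropy count stored in FILE against THRESHOLD.
# Usage: entropy_state FILE THRESHOLD
entropy_state() {
    avail=$(tr -dc '0-9' < "$1")
    [ -n "$avail" ] || { echo unreadable; return 2; }
    if [ "$avail" -ge "$2" ]; then echo ok; return 0; fi
    echo low; return 1
}

# Classify PATH: the rename workaround leaves /dev/random as something other
# than the kernel's own character device, which this makes visible.
device_kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -c "$1" ]; then echo chardev
    elif [ -e "$1" ]; then echo other
    else echo missing
    fi
}

# Sample FILE ROUNDS times, INTERVAL seconds apart, and print how many
# readings were below THRESHOLD (or unreadable).
# Usage: low_samples FILE THRESHOLD ROUNDS INTERVAL
low_samples() {
    low=0; i=0
    while [ "$i" -lt "$3" ]; do
        entropy_state "$1" "$2" >/dev/null || low=$((low + 1))
        i=$((i + 1))
        if [ "$i" -lt "$3" ]; then sleep "$4"; fi
    done
    echo "$low"
}

# Live report when run on a Linux host (skipped elsewhere).
if [ -r "$ENTROPY_FILE" ]; then
    echo "/dev/random is a $(device_kind /dev/random)"
    echo "entropy now: $(entropy_state "$ENTROPY_FILE" "$WATERMARK")"
    echo "low readings over 3 s: $(low_samples "$ENTROPY_FILE" "$WATERMARK" 3 1)"
fi
```

A persistently non-zero count from low_samples after rngd has been started means the daemon is not keeping up (or is not running), and a device_kind of "symlink" or "other" for /dev/random means the documented rename is still in place.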

Additional Information:


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus