Provided by: openswan_2.6.37-1_amd64


       ipsec_ranbits - generate random bits in ASCII form


       ipsec ranbits [--quick] [--continuous] [--bytes] nbits


       Ranbits obtains nbits (rounded up to the nearest byte) high-quality random bits from
       random(4), and emits them on standard output as an ASCII string. The default output format
       is datatot(3) h format: lowercase hexadecimal with a 0x prefix and an underscore every 32

       The --quick option produces quick-and-dirty random bits: instead of using the high-quality
       random bits from /dev/random, which may take some time to supply the necessary bits if
       nbits is large, ranbits uses /dev/urandom, which yields prompt results but lower-quality

       The --continuous option uses datatot(3) x output format, like h but without the

       The --bytes option causes nbits to be interpreted as a byte count rather than a bit count.
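
       The option handling described above, as an added Python illustration (not Openswan
       source code). The 20000 limit is the one this page states; the 8-hex-digit grouping
       (32 bits, counted from the first byte) and the rejection of non-positive requests are
       assumptions of this example.

```python
# Added illustration of the documented ranbits behaviour; not Openswan code.
MAX_NBITS = 20000        # internal limit on nbits stated on this page
GROUP_HEX_DIGITS = 8     # assumption: h format puts "_" every 32 bits (8 hex digits)


def format_bits(data: bytes, continuous: bool = False) -> str:
    """Render bytes as lowercase hex with a 0x prefix.

    continuous=False gives the grouped (h-style) form, continuous=True the
    ungrouped (x-style) form selected by --continuous.
    """
    digits = data.hex()
    if continuous:
        return "0x" + digits
    groups = [digits[i:i + GROUP_HEX_DIGITS]
              for i in range(0, len(digits), GROUP_HEX_DIGITS)]
    return "0x" + "_".join(groups)


def ranbits(nbits: int, quick: bool = False, continuous: bool = False,
            as_bytes: bool = False) -> str:
    """Mimic `ipsec ranbits [--quick] [--continuous] [--bytes] nbits`."""
    if as_bytes:                      # --bytes: the argument is a byte count
        nbits *= 8
    # Assumption: the limit is checked on the bit count after --bytes scaling.
    if nbits <= 0 or nbits > MAX_NBITS:
        raise ValueError(f"nbits must be between 1 and {MAX_NBITS}")
    nbytes = (nbits + 7) // 8         # round up to the nearest byte
    # --quick trades /dev/random (may block) for /dev/urandom (prompt).
    source = "/dev/urandom" if quick else "/dev/random"
    data = b""
    with open(source, "rb", buffering=0) as dev:
        while len(data) < nbytes:     # a device read may return fewer bytes
            chunk = dev.read(nbytes - len(data))
            if not chunk:
                raise OSError(f"short read from {source}")
            data += chunk
    return format_bits(data, continuous)


if __name__ == "__main__":
    print(ranbits(128, quick=True))   # grouped output, read from /dev/urandom
```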


       /dev/random, /dev/urandom


       ipsec_datatot(3), random(4)


       Written for the Linux FreeS/WAN project by Henry Spencer.


       There is an internal limit on nbits, currently 20000.

       Without --quick, ranbits's run time is difficult to predict. A request for a large number
       of bits, at a time when the system's entropy pool is low on randomness, may take quite a
       while to satisfy.

       Though not a bug of ranbits, direct use of /dev/hw_random, the Linux hardware random
       number generator, is not supported because it can produce very non-random data. To use
       /dev/hw_random properly, the rngd daemon should be used to read from /dev/hw_random and
       write to /dev/random, while performing a FIPS test on the hardware random read. No
       changes to Openswan are required for this support - just a running rngd.

                                            10/06/2010                           IPSEC_RANBITS(8)