What is the difference between /dev/random and /dev/urandom?

The Linux kernel provides special files in /dev to access physical devices or pseudo-devices. Two character special files within this directory are /dev/random and /dev/urandom. Both are providing random data from the Linux kernel random number generator function, but with some minor differences.

Differences between random and urandom

The biggest difference between the two random number generator files /dev/random and /dev/urandom is the quality of the random data.

The source of /dev/random provides a higher quality, at the cost of less data available. This may result in some delays to get enough data, as the kernel needs to replenish it. The data coming from /dev/urandom is created using a pseudorandom number generator that pulls in data from the entropy pool. It can provide much more data, at the cost of true randomness.

Applications that really require high quality randomness, especially early during the boot, should use /dev/random. On modern Linux kernels and hardware, typically /dev/urandom is the preferred source and sufficient for most applications. The suggested way is using the syscall getrandom(2) to retrieve the data instead of reading the files directly. This function will actually use /dev/urandom as its default source. The special file /dev/random is considered to be legacy interface and was especially important in a time that the underlying cryptographic implementation of /dev/urandom was less trusted. With changes over time, the trust of the implementation and data in the latter went up.

Maximum data with read(2)

While reading directly from the special files is typically not needed for applications, the underlying read(2) function sees a big difference when reading from both sources. Since kernel 3.16, each read(2) operation will return 512 bytes from /dev/random, while /dev/urandom may return up to 32 MB.