A significant rewrite of the Linux kernel's random-number generator is underway, ensuring Linux-based cryptography is a bit more secure, particularly in virtual machines, and some software a bit smoother to run.

As outlined by the author of the changes, Jason A Donenfeld, the newly released kernel 5.17 contains the first stage of the big rewrite, but more will follow in 5.18. Among other changes, the /dev/random and /dev/urandom devices now do exactly the same. This brings the Linux kernel in line with FreeBSD and macOS.

The code is contained in a module called random.c, originally written by Ted T'so for kernel 1.3 in 1994. It implements a Unix-style special character device called /dev/random which gives a stream of pseudorandom data. Building this into the kernel was a big deal, and the /dev/random device was adopted into DEC/Compaq Tru64, FreeBSD, HP-UX, IBM AIX, NetBSD, macOS, SGI IRIX, and Sun Solaris. This might make it one of the single most widely influential new features from Linux onto the broader Unix world.

Generating truly random numbers in pure software is non-trivial. If you run the same code repeatedly with the same inputs, it should produce the same results. Thus if you write a program to output random numbers, it'll produce a predictable, pseudorandom stream of values. If you can predict the output, you can figure out how software using it is going to work and, for instance, break encryption based on it. Researchers managed this for Windows 2000, for instance.