Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

rng

Syntax

Hierarchy Level

Description

Configure a system cryptographically secure pseudo-random number generator (CSPRNG). By default, rng is not configured.

Note:

  • Only root users can configure rng options.

  • A device reboot is required for the change to take effect.

  • In FIPS mode, HMAC-DRBG will be the only active RNG available.

Default

Federal Information Processing Standards (FIPs) and Non-FIPs mode behavior:

  • (SRX1500, SRX4100, SRX4200, and SRX4600 Devices) FIPS Mode uses the hash-based message authentication code-deterministic random bit generator (HMAC-DRBG) , while Non-FIPS mode uses the Junos default Fortuna Random Number Generator.

  • (General Routing) Starting with Junos OS Release 21.4R1, in non-FIPS mode, the RNG in FreeBSD 12 based Junos OS versions has been changed from the default FreeBSD Fortuna RNG to the FIPS/SP800-90A&B HMAC-DRBG CSPRNG.

Options

fortuna

Configure the fortuna CSPRNG.
hmac-drbg

Configure the HMAC DRBG CSPRNG.
dyce

Configure the Da Yan Concentrator and Extender of Random Data (DYCE) CSPRNG.

Required Privilege Level

system-To view this statement in the configuration.