[Cryptography] Mac OS 10.7.5 Random Numbers

Thor Lancelot Simon tls at rek.tjls.com
Wed Feb 5 20:05:51 EST 2014


On Sun, Feb 02, 2014 at 09:34:05PM -0800, Arnold Reinhold wrote:
> Based on the Darwin source code posted at the xnu project, Apple uses the SHA1 version of Yarrow with the 1999 source code from Counterpane essentially unchanged. This gives them a 160-bit secret state. An obvious improvement would be to switch to SHA2 or SHA3 with a 256- or 512-bit state, but the Apple source contains this warning:
> 
> "THIS FILE IS NEEDED TO PASS FIPS ACCEPTANCE FOR THE RANDOM NUMBER GENERATOR.
> IF YOU ALTER IT IN ANY WAY, WE WILL NEED TO GO THOUGH FIPS ACCEPTANCE AGAIN,
> AN OPERATION THAT IS VERY EXPENSIVE AND TIME CONSUMING. IN OTHER WORDS,
> DON'T MESS WITH THIS FILE."

Oh, neat.  Now, after 13 years of wondering, I know who got Yarrow through
a FIPS-140 test lab -- and which lab.

(I'd heard through the grapevine that this had been done despite the fact
 that it seemed clearly counter to the DTRs in effect at the time; but I
 never dug up the details.)

Thor

