[149315] in cryptography@c2.net mail archive
[Cryptography] Mac OS 10.7.5 Random Numbers
daemon@ATHENA.MIT.EDU (Arnold Reinhold)
Mon Feb 3 00:37:09 2014
From: Arnold Reinhold <agr@me.com>
Date: Sun, 02 Feb 2014 21:34:05 -0800
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Cc: Bill Frantz <frantz@pwpconsult.com>
Based on the Darwin source code posted at the xnu project, Apple uses the SHA1 version of Yarrow with the 1999 source code from Counterpane essentially unchanged. This gives them a 160-bit secret state. An obvious improvement would be to switch to SHA2 or SHA3 with a 256- or 512-bit state, but the Apple source contains this warning:
"THIS FILE IS NEEDED TO PASS FIPS ACCEPTANCE FOR THE RANDOM NUMBER GENERATOR.
IF YOU ALTER IT IN ANY WAY, WE WILL NEED TO GO THOUGH FIPS ACCEPTANCE AGAIN,
AN OPERATION THAT IS VERY EXPENSIVE AND TIME CONSUMING. IN OTHER WORDS,
DON'T MESS WITH THIS FILE."
Arnold Reinhold