macOS – Does macOS Still Use Yarrow for Cryptographically Secure Pseudorandom Number Generation?

Tags: kernel, macos

I'm trying to understand if the XNU underpinnings of macOS (BSD) still use the Yarrow cryptographically secure pseudorandom number generator?

I have looked through the source and it seems as if they switched to a DRBG NIST generator?

https://opensource.apple.com/source/xnu/xnu-4903.221.2/osfmk/corecrypto/ccdbrg/src/ccdrbg_nisthmac.c.auto.html

There are very few references to Yarrow in the 10.14 XNU code compared with older versions of the Kernel, but 10.14 still contains this string in key.c :

/* Our PRNG is based on Yarrow and doesn't need to be seeded */

That said if you looked at older XNU Yarrow is littered everywhere.

Source code for XNU:

Lots of Yarrow references in XNU 2782 – macOS 10.11

Very few Yarrow references in XNU 4903 – macOS 10.14

So, are Apple still using Yarrow?

I ask because Yarrow is only capable of generating 160-bit strong keys.

Best Answer

Yarrow is gone.

The kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.

https://support.apple.com/en-ie/guide/security/seca0c73a75b/1/web/1

Ok! So I mailed Craig Federighi recently about this, concerned that macOS wasn’t capable of generating >128-bit quality keys.

He responded!

‘The source you were referencing is out of date. You can find more current information here: FIPS certification document, section 7: "The NDRNG feeds entropy from the pool into the DRBG on demand. The NDRNG provides 256-bits of entropy.”’

What a legend.


So yup, macOS and iOS are both capable of generating 256-bit entropy and creating quality CS keys for both ECC and symmetric key crypto.

EDIT: Apple confirmed the kernel CPRNG is a Fortuna-derived design targeting a 256-bit security level.